diff --git a/actions/lib/action.py b/actions/lib/action.py
index a7c40626..3fa9e86d 100755
--- a/actions/lib/action.py
+++ b/actions/lib/action.py
@@ -73,6 +73,16 @@ def get_r53zone(self, zone):
 def st2_user_data(self):
 return self.userdata
 
+ def create_boto3_session(self, role=None):
+ if role is not None:
+ print "create_boto3_session - role: %s region: %s" % (role, self.credentials['region'])
+ client = boto3.client('sts', region_name=self.credentials['region'])
+ creds = client.assume_role(RoleArn=role, RoleSessionName='st2session')
+
+ boto3.setup_default_session(aws_access_key_id=creds['Credentials']['AccessKeyId'],
+ aws_secret_access_key=creds['Credentials']['SecretAccessKey'],
+ aws_session_token=creds['Credentials']['SessionToken'])
+
 def get_boto3_session(self, resource):
 region = self.credentials['region']
 del self.credentials['region']
diff --git a/actions/run.py b/actions/run.py
index 326994b4..54c8bfca 100755
--- a/actions/run.py
+++ b/actions/run.py
@@ -8,6 +8,11 @@ def run(self, **kwargs):
 del kwargs['action']
 module_path = kwargs['module_path']
 del kwargs['module_path']
+ if 'region_name' in kwargs.keys() and kwargs['region_name'] is not None:
+ self.credentials['region'] = kwargs['region_name']
+ del kwargs['region_name']
+ self.create_boto3_session(kwargs['assume_role'])
+ del kwargs['assume_role']
 if action == 'run_instances':
 kwargs['user_data'] = self.st2_user_data()
 if action == 'create_tags':
diff --git a/etc/st2packgen/templates/action_template.yaml.jinja b/etc/st2packgen/templates/action_template.yaml.jinja
index 11c9420b..1f637260 100644
--- a/etc/st2packgen/templates/action_template.yaml.jinja
+++ b/etc/st2packgen/templates/action_template.yaml.jinja
@@ -19,6 +19,10 @@ parameters:
 default: boto3
 immutable: true
 type: string
+ region_name:
+ type: string
+ assume_role:
+ type: string
 {%- for parameter in paramsreq %}
 {{ parameter.name }}:
 type: {{ parameter.type }}
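Review bot: `boto3.setup_default_session(...)` in create_boto3_session puts the assumed-role credentials into boto3's module-wide default session, so every later boto3 call in the same process runs as that role, and the `role is None` path never resets it. Holding the temporary credentials in a `boto3.Session` on the action instance scopes them to this run; get_boto3_session, whose body continues outside the hunk, would then need to build its client from `self.session` when it is set. The fixed `RoleSessionName='st2session'` also makes every assumption look the same in CloudTrail, so a per-execution suffix would help attribution. The STS client is created with only a region, so it presumably uses the host's default credential chain rather than the keys in `self.credentials`; worth confirming that this is intended.

```python
def create_boto3_session(self, role=None):
    # Start from "no assumed role" so an earlier call cannot leak into this one.
    self.session = None
    if role is not None:
        # … unchanged: print, STS client creation and assume_role call …
        temp = creds['Credentials']
        self.session = boto3.Session(
            aws_access_key_id=temp['AccessKeyId'],
            aws_secret_access_key=temp['SecretAccessKey'],
            aws_session_token=temp['SessionToken'],
            region_name=self.credentials['region'])
```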
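Review bot: `kwargs['assume_role']` is indexed unconditionally in run(), so a caller that does not pass the key (for example an action generated before the template gained the parameter) fails with KeyError, while `region_name` just above it is guarded. Using `self.create_boto3_session(kwargs.pop('assume_role', None))`, and `region = kwargs.pop('region_name', None)` followed by `if region is not None: self.credentials['region'] = region`, removes both keys in every case. The page has lost its indentation, so it is unclear whether the existing `del kwargs['region_name']` sits inside the `if`; if it does, a `None` value stays in kwargs and is passed on. The role ARN comes straight from action input, so anyone allowed to run the action can attempt to assume any role that trusts the host's identity; checking it against a list of permitted ARNs from the pack configuration before calling STS would bound that. run() begins and continues outside the hunk.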
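Review bot: The new `region_name` and `assume_role` parameters have no `description`, so the generated actions do not tell users that `assume_role` expects a full IAM role ARN and causes an STS AssumeRole call before the action runs. Adding `description: ARN of the IAM role to assume before running the action` under `assume_role`, and `description: AWS region to use instead of the configured default` under `region_name`, would document both. The `parameters:` block starts and continues outside the hunk.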