libera_utils.aws.utils.get_l2_team_role_session#
- libera_utils.aws.utils.get_l2_team_role_session(profile_name: str | None = None, *, role_name: str = 'L2Developer/LiberaUtils') Session#
Create a boto3 session that has assumed an L2 team IAM role.
Libera SDC users authenticate (via their AWS config/SSO or an explicit profile) to a “base” role that grants no permissions directly but is permitted to assume L2 team roles such as the canonical
LiberaUtilsrole, which hold the permissions needed by the CLI. This function resolves the base credentials, assumes the requested role, and returns a new session backed by the assumed-role credentials.- Parameters:
profile_name (str, optional) – AWS profile name used to create the base session. If None, standard boto resolution is used (e.g. the
AWS_PROFILEenvironment variable, the default profile, or an instance role).role_name (str, optional) – Name (or path-qualified name) of the IAM role to assume. Defaults to
"L2Developer/LiberaUtils".
- Returns:
A session whose credentials are those of the assumed role. The region is inherited from the base session.
- Return type:
boto3.Session
- Raises:
ValueError – If the base profile is not permitted to assume the role.