libera_utils.aws.utils#
Helper functions for AWS access
Functions
Finds a bucket by substring match to the bucket name. |
|
Finds a DynamoDB table by substring match to its name. |
|
Finds an EventBridge event bus by substring match to its name. |
|
|
Get a users AWS account ID number |
|
Create a boto3 session that has assumed an L2 team IAM role. |
- libera_utils.aws.utils._single_match_by_partial_name(partial_name: str, names: list[str], *, resource_description: str) str#
Return the single name matching partial_name, raising if zero or more than one match is found.
- Parameters:
- Returns:
The single matching name.
- Return type:
- libera_utils.aws.utils.find_bucket_in_account_by_partial_name(boto_session: Session, partial_name: str) str#
Finds a bucket by substring match to the bucket name. Raises if zero or more than one bucket matches.
- libera_utils.aws.utils.find_dynamodb_table_in_account_by_partial_name(boto_session: Session, partial_name: str) str#
Finds a DynamoDB table by substring match to its name. Raises if zero or more than one table matches.
- libera_utils.aws.utils.find_event_bus_in_account_by_partial_name(boto_session: Session, partial_name: str) str#
Finds an EventBridge event bus by substring match to its name. Raises if zero or more than one bus matches.
- libera_utils.aws.utils.get_aws_account_number(region_name='us-west-2', profile_name=None)#
Get a users AWS account ID number
- libera_utils.aws.utils.get_l2_team_role_session(profile_name: str | None = None, *, role_name: str = 'L2Developer/LiberaUtils') Session#
Create a boto3 session that has assumed an L2 team IAM role.
Libera SDC users authenticate (via their AWS config/SSO or an explicit profile) to a “base” role that grants no permissions directly but is permitted to assume L2 team roles such as the canonical
LiberaUtilsrole, which hold the permissions needed by the CLI. This function resolves the base credentials, assumes the requested role, and returns a new session backed by the assumed-role credentials.- Parameters:
profile_name (str, optional) – AWS profile name used to create the base session. If None, standard boto resolution is used (e.g. the
AWS_PROFILEenvironment variable, the default profile, or an instance role).role_name (str, optional) – Name (or path-qualified name) of the IAM role to assume. Defaults to
"L2Developer/LiberaUtils".
- Returns:
A session whose credentials are those of the assumed role. The region is inherited from the base session.
- Return type:
boto3.Session
- Raises:
ValueError – If the base profile is not permitted to assume the role.