Ready-made proposal for a session object with automatically refreshable temporary security credentials.

[michaelthomasletts]

Describe the feature

A RefreshableSession object that automatically refreshes temporary security credentials via the DeferredRefreshableCredentials and RefreshableCredentials object.

The object will include a defer_refresh parameter for modulating between the DeferredRefreshableCredentials or RefreshableCredentials objects, depending on user preference.

The object will also include optional dictionary parameters in order to pass optional keyword arguments to the STS.Client and STS.Client.assume_role methods.

The resulting boto3.session.Session._credentials attribute will be overwritten such that temporary security credentials are automatically refreshed according to one of the two aforementioned methods.

The resulting boto3.session.Session object will maintain all of the methods normally associated with it.

Use Case

It is common for workflows, processes, etc. that interact with the AWS API via boto3 to run for a long time and, accordingly, for temporary security credentials to expire.

Normally, engineers resolve that problem one of two ways:

• Introducing a try except block that catches botocore.exceptions.ClientError exceptions.
• Implementing similar logic as that employed in this Python package that I wrote.

Speaking personally, I have run into this problem many times. I have written the code found in bulletpoint number two above at nearly every job I have held. Sometimes, I turned that code into a module. Other times, I rewrote it multiple times from scratch. Clearly, that is inefficient.

Although it is not especially difficult to use the DeferredRefreshableCredentials or RefreshableCredentials objects from the botocore library, it would nevertheless behoove users to have a boto3.session.Session object that automatically refreshes temporary security credentials available to them.

Lastly, I understand your team has received many questions and complaints about this lacking functionality. And I understand that your team has maintained thus far that such functionality will not be introduced. But I am hopeful that someone coming to your team with a ready-made solution -- one with unit tests, documentation, and other best practices that demonstrate real care -- encourages your team to maybe revisit that position. In other words, I am reaching out asking for your permission and blessing to add this feature into boto3.

Proposed Solution

I wrote this Python package with documentation that illustrates what I want to add into boto3. Specifically, I want to add the RefreshableSession object to the boto3/session.py file, inheriting from the boto3.session.Session object exactly as I did in the boto3-refresh-session package.

I opened a pull request here.

Other Information

I know that your team has received many questions and complaints about this missing feature. My intention is not to pester your team for the Nth time but rather present my work to you for addition to the boto3 project. It would be a great honor to contribute to this project!

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

SDK version used

1.36.25

Environment details (OS name and version, etc.)

Sonoma 14.4

[michaelthomasletts]

I went ahead and opened a pull request.