1

I am trying to figure out how to pass in static IAM AWS credentials when using the AWS Data API to interact with an Aurora Serverless db.

I am using the AWS Python Boto library and I read data from a table like this (which by default uses the credentials of the default IAM user that is defined in my ~/.aws/credentials file):

rds_client = boto3.client('rds-data')
rds_client.execute_statement(
        secretArn=self.db_credentials_secrets_store_arn,
        database=self.database_name,
        resourceArn=self.db_cluster_arn,
        sql='SELECT * FROM TestTable;',
        parameters=[])

This works successfully.

But I want to be able to pass in an AWS Access Key and Secret Key as parameters to the execute_statement call, something like:

rds_client.execute_statement(
        accessKey='XXX',
        secretKey='YYY',
        secretArn=self.db_credentials_secrets_store_arn,
        database=self.database_name,
        resourceArn=self.db_cluster_arn,
        sql='SELECT * FROM TestTable;',
        parameters=[])

But that does not work.

Any ideas on how I can achieve this?

Thanks!

user1974753
  • 1,359
  • 1
  • 18
  • 32

1 Answers1

2

In order to accomplish this, you will need to create a new function that takes the access key and the secret key, create a client for that user, then make the call.

def execute_statement_with_iam_user(accessKey, secretKey):
    rds_client = boto3.client(
        'rds',
        aws_access_key_id=accessKey,
        aws_secret_access_key=secretKey
    )
    rds_client.execute_statement(
            secretArn=self.db_credentials_secrets_store_arn,
            database=self.database_name,
            resourceArn=self.db_cluster_arn,
            sql='SELECT * FROM TestTable;',
            parameters=[])

execute_statement_with_iam_user(accessKey, secretkey)

FYI, AWS does not recommend hard coding your credentials like this. What you should be doing is assuming a role with a temporary session. For this, you would need to look into the sts client and creating roles for assumption.

Ben Bloom
  • 511
  • 4
  • 9