Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add aws_account_id to boto3 session #3888

Closed
wants to merge 1 commit into from

Conversation

dlm6693
Copy link
Contributor

@dlm6693 dlm6693 commented Oct 5, 2023

Adds aws_account_id to boto3 Session contructor, client and resource APIs. Please note that CI will not succeed until boto/botocore#3031 is merged. This will enable customers to use account ID based routing in the SDK.

@@ -78,7 +81,10 @@ def __init__(

if aws_access_key_id or aws_secret_access_key or aws_session_token:
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since we do it with the other credential params, should we set credentials if account ID is set but none of the others are?

aws_access_key_id,
aws_secret_access_key,
aws_session_token,
aws_account_id,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if only aws_account_id is set? Do we fold this into the other resolved credentials?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The input is currently ignored and the client will fall back to one of the credential providers. All of the existing credential values can be individually set on a boto3 session and a client can be created successfully even if the other credential values are empty.

from boto3.session import Session
session = Session(aws_access_key_id='foo')
s3 = session.client('s3')
print(s3._request_signer._credentials.__dict__)
{'access_key': 'foo', 'secret_key': None, 'token': None, 'method': 'explicit'}

It seemed wrong to extend this behavior to account ID. This is similar to how botocore.session.Session.create_client handles explicitly set credential values. If only the session token is set here, it will be ignored and use a credential provider instead.

It's not the best experience to silently ignore an input so maybe we could add validation here or in set_credentials instead.

@dlm6693 dlm6693 mentioned this pull request Nov 9, 2023
@nateprewitt
Copy link
Contributor

Resolving for inclusion at a later date.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants