vendor_fabric.aws¶
AWS connector built on extended-data primitives.
This package provides AWS operations organized into submodules:
organizations: AWS Organizations and Control Tower account management
sso: IAM Identity Center (SSO) operations
s3: S3 bucket and object operations
secrets: Secrets Manager operations
ecs: ECS cluster and service operations
Usage: from vendor_fabric.aws import AWSConnector
connector = AWSConnector()
accounts = connector.get_accounts()
Submodules¶
Package Contents¶
Classes¶
AWS connector for boto3 client, resource, and external data operations. |
Data¶
API¶
- vendor_fabric.aws.AWSSecretValue = None¶
- class vendor_fabric.aws.AWSConnector(execution_role_arn: str | None = None, logger: extended_data.logging.Logging | None = None, **kwargs: Any)¶
Bases:
vendor_fabric.aws.organizations.AWSOrganizationsMixin,vendor_fabric.aws.sso.AWSSSOmixin,vendor_fabric.aws.s3.AWSS3Mixin,vendor_fabric.base.ConnectorBaseAWS connector for boto3 client, resource, and external data operations.
This first-class connector provides:
Session management and role assumption
Client/resource creation with retry configuration
Secrets Manager operations
Organizations, IAM Identity Center, and S3 operations
Initialization
Initialize the connector.
Args: api_key: API key (overrides environment variable) base_url: Base URL (overrides class default) timeout: HTTP timeout in seconds logger: Logger instance **kwargs: Passed to InputProvider
- assume_role(execution_role_arn: str, role_session_name: str) Any¶
Assume an AWS IAM role and return a boto3 Session.
Args: execution_role_arn: ARN of the role to assume. role_session_name: Name for the assumed role session.
Returns: A boto3 Session with the assumed role credentials.
Raises: RuntimeError: If role assumption fails.
- get_aws_session(execution_role_arn: str | None = None, role_session_name: str | None = None) Any¶
Get a boto3 Session, optionally assuming a role.
Args: execution_role_arn: ARN of role to assume. If None, uses default session. role_session_name: Name for the assumed role session.
Returns: A boto3 Session.
- static create_standard_retry_config(max_attempts: int = 5) Any¶
Create a standard retry configuration.
Args: max_attempts: Maximum retry attempts. Defaults to 5.
Returns: A botocore Config with retry settings.
- get_aws_client(client_name: str, execution_role_arn: str | None = None, role_session_name: str | None = None, config: Any | None = None, **client_args: Any) Any¶
Get a boto3 client for the specified service.
Args: client_name: AWS service name (e.g., ‘s3’, ‘ec2’, ‘organizations’). execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Name for the assumed role session. config: Optional botocore Config. Defaults to standard retry config. **client_args: Additional arguments passed to boto3 client.
Returns: A boto3 client for the specified service.
- get_aws_resource(service_name: str, execution_role_arn: str | None = None, role_session_name: str | None = None, config: Any | None = None, **resource_args: Any) Any¶
Get a boto3 resource for the specified service.
Args: service_name: AWS service name (e.g., ‘s3’, ‘ec2’, ‘dynamodb’). execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Name for the assumed role session. config: Optional botocore Config. Defaults to standard retry config. **resource_args: Additional arguments passed to boto3 resource.
Returns: A boto3 resource for the specified service.
Raises: RuntimeError: If resource creation fails.
- get_caller_account_id() extended_data.containers.ExtendedString¶
Get the AWS account ID of the caller.
Returns: The 12-digit AWS account ID.
- get_secret(secret_id: str, execution_role_arn: str | None = None, role_session_name: str | None = None, secretsmanager: Any | None = None) extended_data.containers.ExtendedString | None¶
Get a single secret value from AWS Secrets Manager.
Args: secret_id: The ARN or name of the secret to retrieve. execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Session name for assumed role. secretsmanager: Optional pre-existing Secrets Manager client.
Returns: The secret value as a string, or None if not found.
- list_secrets(filters: collections.abc.Sequence[collections.abc.Mapping[str, Any]] | None = None, prefix: str | None = None, get_secret_values: bool = False, skip_empty_secrets: bool = False, execution_role_arn: str | None = None, role_session_name: str | None = None) extended_data.containers.ExtendedDict¶
List secrets from AWS Secrets Manager.
Args: filters: List of filter dicts for list_secrets API. prefix: Optional prefix for the AWS “name” filter. get_secret_values: If True, fetch actual secret values. skip_empty_secrets: If True, skip secrets with empty values. execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Session name for assumed role.
Returns: Dict mapping secret names to ARNs or values.
Raises: ValueError: If prefix contains invalid characters.
- create_secret(name: str, secret_value: str, description: str = '', tags: collections.abc.Mapping[str, str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
Create a new secret in AWS Secrets Manager.
- update_secret(secret_id: str, secret_value: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
Update an existing secret value.
- delete_secret(secret_id: str, force_delete: bool = False, recovery_window_days: int = 30, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
Delete a secret from AWS Secrets Manager.
- delete_secrets_matching(prefix: str | None = None, force_delete: bool = False, dry_run: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedList[extended_data.containers.ExtendedString]¶
Delete all secrets that match the provided name prefix.
- copy_secrets_to_s3(secrets: collections.abc.Mapping[str, vendor_fabric.aws.AWSSecretValue], bucket: str, key: str, execution_role_arn: str | None = None, role_session_name: str | None = None) extended_data.containers.ExtendedString¶
Copy secrets dictionary to S3 as JSON.
Args: secrets: Dictionary of secrets to upload. bucket: S3 bucket name. key: S3 object key. execution_role_arn: ARN of role to assume for S3 access. role_session_name: Session name for assumed role.
Returns: S3 URI of uploaded object.
- load_secrets_by_prefix(prefix: str, *, strip_prefix: bool = True, uppercase_keys: bool = False, skip_empty_secrets: bool = True, execution_role_arn: str | None = None, role_session_name: str | None = None) extended_data.containers.ExtendedDict¶
Load AWS Secrets Manager values into a mapping keyed by secret name.
Args: prefix: AWS Secrets Manager name prefix to load. strip_prefix: Remove the prefix from returned mapping keys. uppercase_keys: Uppercase returned mapping keys for env-style use. skip_empty_secrets: Skip missing or empty secret values. execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Session name for assumed role.
Returns: Mapping of transformed secret names to secret values.
- get_organization_accounts(unhump_accounts: bool = True, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- get_controltower_accounts(unhump_accounts: bool = True, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- get_accounts(unhump_accounts: bool = True, sort_by_name: bool = False, include_controltower: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- get_organization_units(unhump_units: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- label_account(account_id: str, labels: collections.abc.Mapping[str, str], execution_role_arn: str | None = None) None¶
- classify_accounts(accounts: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, classification_rules: collections.abc.Mapping[str, collections.abc.Sequence[str]] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- label_aws_accounts(domains: collections.abc.Mapping[str, str], aws_organization_units: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, caller_account_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- label_aws_account(account_id: str, domains: collections.abc.Mapping[str, str], aws_organization_units: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, caller_account_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- classify_aws_accounts(labeled_accounts: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, suffix: str | None = None, domains: collections.abc.Mapping[str, str] | None = None, aws_organization_units: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, caller_account_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- preprocess_aws_organization(domains: collections.abc.Mapping[str, str], suffix: str | None = None, aws_organization_units: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, caller_account_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- preprocess_organization(include_tags: bool = True, include_classification: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- get_identity_store_id(execution_role_arn: str | None = None) extended_data.containers.ExtendedString¶
- get_sso_instance_arn(execution_role_arn: str | None = None) extended_data.containers.ExtendedString¶
- list_sso_users(identity_store_id: str | None = None, unhump_users: bool = True, flatten_name: bool = True, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- get_sso_user(user_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict | None¶
- create_sso_user(user_name: str, display_name: str, given_name: str | None = None, family_name: str | None = None, emails: collections.abc.Sequence[collections.abc.Mapping[str, Any]] | None = None, identity_store_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- delete_sso_user(user_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) None¶
- list_sso_groups(identity_store_id: str | None = None, unhump_groups: bool = True, expand_members: bool = False, users: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- create_sso_group(display_name: str, description: str = '', identity_store_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- delete_sso_group(group_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) None¶
- add_user_to_group(user_id: str, group_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- remove_user_from_group(membership_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) None¶
- list_permission_sets(instance_arn: str | None = None, include_inline_policy: bool = True, include_managed_policies: bool = True, unhump_sets: bool = True, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- list_account_assignments(account_id: str, permission_set_arn: str, instance_arn: str | None = None, unhump_assignments: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedList[extended_data.containers.ExtendedDict]¶
- create_account_assignment(account_id: str, permission_set_arn: str, principal_id: str, principal_type: str, instance_arn: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- delete_account_assignment(account_id: str, permission_set_arn: str, principal_id: str, principal_type: str, instance_arn: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- list_s3_buckets(unhump_buckets: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- get_bucket_location(bucket_name: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedString¶
- get_object(bucket: str, key: str, decode: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedString | bytes | None¶
- get_json_object(bucket: str, key: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict | extended_data.containers.ExtendedList[Any] | None¶
- put_object(bucket: str, key: str, body: str | bytes, content_type: str | None = None, metadata: collections.abc.Mapping[str, str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- put_json_object(bucket: str, key: str, data: collections.abc.Mapping[str, Any] | collections.abc.Sequence[Any], indent: int = 2, metadata: collections.abc.Mapping[str, str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- delete_object(bucket: str, key: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- list_objects(bucket: str, prefix: str | None = None, delimiter: str | None = None, max_keys: int | None = None, unhump_objects: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedList[extended_data.containers.ExtendedDict]¶
- copy_object(source_bucket: str, source_key: str, dest_bucket: str, dest_key: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- get_bucket_features(bucket_name: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- find_buckets_by_name(name_contains: str, include_features: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- create_bucket(bucket_name: str, region: str | None = None, acl: str = 'private', enable_versioning: bool = False, tags: collections.abc.Mapping[str, str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- delete_bucket(bucket_name: str, force: bool = False, execution_role_arn: str | None = None) None¶
- get_bucket_tags(bucket_name: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- set_bucket_tags(bucket_name: str, tags: collections.abc.Mapping[str, str], execution_role_arn: str | None = None) None¶
- get_bucket_sizes(bucket_names: collections.abc.Sequence[str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict¶
- BASE_URL: ClassVar[str] = <Multiline-String>¶
- API_KEY_ENV: ClassVar[str] = <Multiline-String>¶
- CONNECTOR_CATEGORY: ClassVar[str] = 'external'¶
- CONNECTOR_CAPABILITIES: ClassVar[tuple[str, ...]] = ()¶
- TIMEOUT: ClassVar[float] = 300.0¶
- MIN_REQUEST_INTERVAL: ClassVar[float] = 0.0¶
- MAX_RETRIES: ClassVar[int] = 5¶
- property api_key: str¶
- property client: httpx.Client¶
- close() None¶
- request(method: str, endpoint: str, *, headers: dict[str, str] | None = None, **kwargs: Any) httpx.Response¶
- decode_response(response: httpx.Response, *, suffix: str | None = None, as_extended: bool = True) Any¶
- decode_response_file(response: httpx.Response, *, source: str | None = None, suffix: str | None = None, as_extended: bool = True, metadata: collections.abc.Mapping[str, Any] | None = None) extended_data.io.DataFile¶
- extend_result(value: Any) Any¶
- request_data(method: str, endpoint: str, *, headers: dict[str, str] | None = None, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any¶
- request_data_file(method: str, endpoint: str, *, headers: dict[str, str] | None = None, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.io.DataFile¶
- request_workflow(method: str, endpoint: str, *, headers: dict[str, str] | None = None, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow¶
- get(endpoint: str, **kwargs: Any) httpx.Response¶
- get_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any¶
- get_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow¶
- post(endpoint: str, **kwargs: Any) httpx.Response¶
- post_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any¶
- post_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow¶
- put(endpoint: str, **kwargs: Any) httpx.Response¶
- put_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any¶
- put_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow¶
- delete(endpoint: str, **kwargs: Any) httpx.Response¶
- delete_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any¶
- delete_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow¶
- patch(endpoint: str, **kwargs: Any) httpx.Response¶
- patch_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any¶
- patch_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow¶
- download(url: str, output_path: str) int¶
- vendor_capabilities: ClassVar[dict[str, vendor_fabric.capabilities.CapabilitySpec]] = None¶
- vendor_capability_methods: ClassVar[dict[str, str]] = None¶
- get_input(k: str, default: Any | None = None, required: bool = False, is_bool: bool = False, is_integer: bool = False, is_float: bool = False, is_path: bool = False, is_datetime: bool = False, as_extended: bool = False) Any¶
- decode_input(k: str, default: Any | None = None, required: bool = False, decode_from_json: bool = False, decode_from_yaml: bool = False, decode_from_base64: bool = False, allow_none: bool = True, as_extended: bool = False) Any¶
- freeze_inputs() extended_data.containers.mappings.ExtendedDict¶
- thaw_inputs() extended_data.containers.mappings.ExtendedDict¶
- snapshot_inputs(*, frozen: bool = False) extended_data.containers.mappings.ExtendedDict¶
- replace_inputs(new_inputs: collections.abc.Mapping[str, Any] | None, *, clear_frozen: bool = True) extended_data.containers.mappings.ExtendedDict¶
- merge_inputs(new_inputs: collections.abc.Mapping[str, Any] | None) extended_data.containers.mappings.ExtendedDict¶
- shift_inputs() extended_data.containers.mappings.ExtendedDict¶