vendor_fabric.aws

AWS connector built on extended-data primitives.

This package provides AWS operations organized into submodules:

  • organizations: AWS Organizations and Control Tower account management

  • sso: IAM Identity Center (SSO) operations

  • s3: S3 bucket and object operations

  • secrets: Secrets Manager operations

  • ecs: ECS cluster and service operations

Usage: from vendor_fabric.aws import AWSConnector

connector = AWSConnector()
accounts = connector.get_accounts()

Submodules

Package Contents

Classes

AWSConnector

AWS connector for boto3 client, resource, and external data operations.

Data

API

vendor_fabric.aws.AWSSecretValue = None
class vendor_fabric.aws.AWSConnector(execution_role_arn: str | None = None, logger: extended_data.logging.Logging | None = None, **kwargs: Any)

Bases: vendor_fabric.aws.organizations.AWSOrganizationsMixin, vendor_fabric.aws.sso.AWSSSOmixin, vendor_fabric.aws.s3.AWSS3Mixin, vendor_fabric.base.ConnectorBase

AWS connector for boto3 client, resource, and external data operations.

This first-class connector provides:

  • Session management and role assumption

  • Client/resource creation with retry configuration

  • Secrets Manager operations

  • Organizations, IAM Identity Center, and S3 operations

Initialization

Initialize the connector.

Args: api_key: API key (overrides environment variable) base_url: Base URL (overrides class default) timeout: HTTP timeout in seconds logger: Logger instance **kwargs: Passed to InputProvider

assume_role(execution_role_arn: str, role_session_name: str) Any

Assume an AWS IAM role and return a boto3 Session.

Args: execution_role_arn: ARN of the role to assume. role_session_name: Name for the assumed role session.

Returns: A boto3 Session with the assumed role credentials.

Raises: RuntimeError: If role assumption fails.

get_aws_session(execution_role_arn: str | None = None, role_session_name: str | None = None) Any

Get a boto3 Session, optionally assuming a role.

Args: execution_role_arn: ARN of role to assume. If None, uses default session. role_session_name: Name for the assumed role session.

Returns: A boto3 Session.

static create_standard_retry_config(max_attempts: int = 5) Any

Create a standard retry configuration.

Args: max_attempts: Maximum retry attempts. Defaults to 5.

Returns: A botocore Config with retry settings.

get_aws_client(client_name: str, execution_role_arn: str | None = None, role_session_name: str | None = None, config: Any | None = None, **client_args: Any) Any

Get a boto3 client for the specified service.

Args: client_name: AWS service name (e.g., ‘s3’, ‘ec2’, ‘organizations’). execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Name for the assumed role session. config: Optional botocore Config. Defaults to standard retry config. **client_args: Additional arguments passed to boto3 client.

Returns: A boto3 client for the specified service.

get_aws_resource(service_name: str, execution_role_arn: str | None = None, role_session_name: str | None = None, config: Any | None = None, **resource_args: Any) Any

Get a boto3 resource for the specified service.

Args: service_name: AWS service name (e.g., ‘s3’, ‘ec2’, ‘dynamodb’). execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Name for the assumed role session. config: Optional botocore Config. Defaults to standard retry config. **resource_args: Additional arguments passed to boto3 resource.

Returns: A boto3 resource for the specified service.

Raises: RuntimeError: If resource creation fails.

get_caller_account_id() extended_data.containers.ExtendedString

Get the AWS account ID of the caller.

Returns: The 12-digit AWS account ID.

get_secret(secret_id: str, execution_role_arn: str | None = None, role_session_name: str | None = None, secretsmanager: Any | None = None) extended_data.containers.ExtendedString | None

Get a single secret value from AWS Secrets Manager.

Args: secret_id: The ARN or name of the secret to retrieve. execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Session name for assumed role. secretsmanager: Optional pre-existing Secrets Manager client.

Returns: The secret value as a string, or None if not found.

list_secrets(filters: collections.abc.Sequence[collections.abc.Mapping[str, Any]] | None = None, prefix: str | None = None, get_secret_values: bool = False, skip_empty_secrets: bool = False, execution_role_arn: str | None = None, role_session_name: str | None = None) extended_data.containers.ExtendedDict

List secrets from AWS Secrets Manager.

Args: filters: List of filter dicts for list_secrets API. prefix: Optional prefix for the AWS “name” filter. get_secret_values: If True, fetch actual secret values. skip_empty_secrets: If True, skip secrets with empty values. execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Session name for assumed role.

Returns: Dict mapping secret names to ARNs or values.

Raises: ValueError: If prefix contains invalid characters.

create_secret(name: str, secret_value: str, description: str = '', tags: collections.abc.Mapping[str, str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict

Create a new secret in AWS Secrets Manager.

update_secret(secret_id: str, secret_value: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict

Update an existing secret value.

delete_secret(secret_id: str, force_delete: bool = False, recovery_window_days: int = 30, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict

Delete a secret from AWS Secrets Manager.

delete_secrets_matching(prefix: str | None = None, force_delete: bool = False, dry_run: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedList[extended_data.containers.ExtendedString]

Delete all secrets that match the provided name prefix.

copy_secrets_to_s3(secrets: collections.abc.Mapping[str, vendor_fabric.aws.AWSSecretValue], bucket: str, key: str, execution_role_arn: str | None = None, role_session_name: str | None = None) extended_data.containers.ExtendedString

Copy secrets dictionary to S3 as JSON.

Args: secrets: Dictionary of secrets to upload. bucket: S3 bucket name. key: S3 object key. execution_role_arn: ARN of role to assume for S3 access. role_session_name: Session name for assumed role.

Returns: S3 URI of uploaded object.

load_secrets_by_prefix(prefix: str, *, strip_prefix: bool = True, uppercase_keys: bool = False, skip_empty_secrets: bool = True, execution_role_arn: str | None = None, role_session_name: str | None = None) extended_data.containers.ExtendedDict

Load AWS Secrets Manager values into a mapping keyed by secret name.

Args: prefix: AWS Secrets Manager name prefix to load. strip_prefix: Remove the prefix from returned mapping keys. uppercase_keys: Uppercase returned mapping keys for env-style use. skip_empty_secrets: Skip missing or empty secret values. execution_role_arn: ARN of role to assume for cross-account access. role_session_name: Session name for assumed role.

Returns: Mapping of transformed secret names to secret values.

get_organization_accounts(unhump_accounts: bool = True, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
get_controltower_accounts(unhump_accounts: bool = True, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
get_accounts(unhump_accounts: bool = True, sort_by_name: bool = False, include_controltower: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
get_organization_units(unhump_units: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
label_account(account_id: str, labels: collections.abc.Mapping[str, str], execution_role_arn: str | None = None) None
classify_accounts(accounts: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, classification_rules: collections.abc.Mapping[str, collections.abc.Sequence[str]] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
label_aws_accounts(domains: collections.abc.Mapping[str, str], aws_organization_units: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, caller_account_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
label_aws_account(account_id: str, domains: collections.abc.Mapping[str, str], aws_organization_units: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, caller_account_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
classify_aws_accounts(labeled_accounts: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, suffix: str | None = None, domains: collections.abc.Mapping[str, str] | None = None, aws_organization_units: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, caller_account_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
preprocess_aws_organization(domains: collections.abc.Mapping[str, str], suffix: str | None = None, aws_organization_units: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, caller_account_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
preprocess_organization(include_tags: bool = True, include_classification: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
get_identity_store_id(execution_role_arn: str | None = None) extended_data.containers.ExtendedString
get_sso_instance_arn(execution_role_arn: str | None = None) extended_data.containers.ExtendedString
list_sso_users(identity_store_id: str | None = None, unhump_users: bool = True, flatten_name: bool = True, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
get_sso_user(user_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict | None
create_sso_user(user_name: str, display_name: str, given_name: str | None = None, family_name: str | None = None, emails: collections.abc.Sequence[collections.abc.Mapping[str, Any]] | None = None, identity_store_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
delete_sso_user(user_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) None
list_sso_groups(identity_store_id: str | None = None, unhump_groups: bool = True, expand_members: bool = False, users: collections.abc.Mapping[str, collections.abc.Mapping[str, Any]] | None = None, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
create_sso_group(display_name: str, description: str = '', identity_store_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
delete_sso_group(group_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) None
add_user_to_group(user_id: str, group_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
remove_user_from_group(membership_id: str, identity_store_id: str | None = None, execution_role_arn: str | None = None) None
list_permission_sets(instance_arn: str | None = None, include_inline_policy: bool = True, include_managed_policies: bool = True, unhump_sets: bool = True, sort_by_name: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
list_account_assignments(account_id: str, permission_set_arn: str, instance_arn: str | None = None, unhump_assignments: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedList[extended_data.containers.ExtendedDict]
create_account_assignment(account_id: str, permission_set_arn: str, principal_id: str, principal_type: str, instance_arn: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
delete_account_assignment(account_id: str, permission_set_arn: str, principal_id: str, principal_type: str, instance_arn: str | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
list_s3_buckets(unhump_buckets: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
get_bucket_location(bucket_name: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedString
get_object(bucket: str, key: str, decode: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedString | bytes | None
get_json_object(bucket: str, key: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict | extended_data.containers.ExtendedList[Any] | None
put_object(bucket: str, key: str, body: str | bytes, content_type: str | None = None, metadata: collections.abc.Mapping[str, str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
put_json_object(bucket: str, key: str, data: collections.abc.Mapping[str, Any] | collections.abc.Sequence[Any], indent: int = 2, metadata: collections.abc.Mapping[str, str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
delete_object(bucket: str, key: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
list_objects(bucket: str, prefix: str | None = None, delimiter: str | None = None, max_keys: int | None = None, unhump_objects: bool = True, execution_role_arn: str | None = None) extended_data.containers.ExtendedList[extended_data.containers.ExtendedDict]
copy_object(source_bucket: str, source_key: str, dest_bucket: str, dest_key: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
get_bucket_features(bucket_name: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
find_buckets_by_name(name_contains: str, include_features: bool = False, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
create_bucket(bucket_name: str, region: str | None = None, acl: str = 'private', enable_versioning: bool = False, tags: collections.abc.Mapping[str, str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
delete_bucket(bucket_name: str, force: bool = False, execution_role_arn: str | None = None) None
get_bucket_tags(bucket_name: str, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
set_bucket_tags(bucket_name: str, tags: collections.abc.Mapping[str, str], execution_role_arn: str | None = None) None
get_bucket_sizes(bucket_names: collections.abc.Sequence[str] | None = None, execution_role_arn: str | None = None) extended_data.containers.ExtendedDict
BASE_URL: ClassVar[str] = <Multiline-String>
API_KEY_ENV: ClassVar[str] = <Multiline-String>
CONNECTOR_CATEGORY: ClassVar[str] = 'external'
CONNECTOR_CAPABILITIES: ClassVar[tuple[str, ...]] = ()
TIMEOUT: ClassVar[float] = 300.0
MIN_REQUEST_INTERVAL: ClassVar[float] = 0.0
MAX_RETRIES: ClassVar[int] = 5
property api_key: str
property client: httpx.Client
close() None
request(method: str, endpoint: str, *, headers: dict[str, str] | None = None, **kwargs: Any) httpx.Response
decode_response(response: httpx.Response, *, suffix: str | None = None, as_extended: bool = True) Any
decode_response_file(response: httpx.Response, *, source: str | None = None, suffix: str | None = None, as_extended: bool = True, metadata: collections.abc.Mapping[str, Any] | None = None) extended_data.io.DataFile
extend_result(value: Any) Any
request_data(method: str, endpoint: str, *, headers: dict[str, str] | None = None, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any
request_data_file(method: str, endpoint: str, *, headers: dict[str, str] | None = None, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.io.DataFile
request_workflow(method: str, endpoint: str, *, headers: dict[str, str] | None = None, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow
get(endpoint: str, **kwargs: Any) httpx.Response
get_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any
get_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow
post(endpoint: str, **kwargs: Any) httpx.Response
post_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any
post_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow
put(endpoint: str, **kwargs: Any) httpx.Response
put_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any
put_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow
delete(endpoint: str, **kwargs: Any) httpx.Response
delete_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any
delete_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow
patch(endpoint: str, **kwargs: Any) httpx.Response
patch_data(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) Any
patch_workflow(endpoint: str, *, suffix: str | None = None, as_extended: bool = True, **kwargs: Any) extended_data.workflows.DataWorkflow
download(url: str, output_path: str) int
vendor_capabilities: ClassVar[dict[str, vendor_fabric.capabilities.CapabilitySpec]] = None
vendor_capability_methods: ClassVar[dict[str, str]] = None
get_input(k: str, default: Any | None = None, required: bool = False, is_bool: bool = False, is_integer: bool = False, is_float: bool = False, is_path: bool = False, is_datetime: bool = False, as_extended: bool = False) Any
decode_input(k: str, default: Any | None = None, required: bool = False, decode_from_json: bool = False, decode_from_yaml: bool = False, decode_from_base64: bool = False, allow_none: bool = True, as_extended: bool = False) Any
freeze_inputs() extended_data.containers.mappings.ExtendedDict
thaw_inputs() extended_data.containers.mappings.ExtendedDict
snapshot_inputs(*, frozen: bool = False) extended_data.containers.mappings.ExtendedDict
replace_inputs(new_inputs: collections.abc.Mapping[str, Any] | None, *, clear_frozen: bool = True) extended_data.containers.mappings.ExtendedDict
merge_inputs(new_inputs: collections.abc.Mapping[str, Any] | None) extended_data.containers.mappings.ExtendedDict
shift_inputs() extended_data.containers.mappings.ExtendedDict