add aws_account_id to boto3 session
#3888
Conversation
| @@ -78,7 +81,10 @@ def __init__( | |||
|
|
|||
| if aws_access_key_id or aws_secret_access_key or aws_session_token: | |||
There was a problem hiding this comment.
Since we do it with the other credential params, should we set credentials if account ID is set but none of the others are?
| aws_access_key_id, | ||
| aws_secret_access_key, | ||
| aws_session_token, | ||
| aws_account_id, |
There was a problem hiding this comment.
What happens if only aws_account_id is set? Do we fold this into the other resolved credentials?
There was a problem hiding this comment.
The input is currently ignored and the client will fall back to one of the credential providers. All of the existing credential values can be individually set on a boto3 session and a client can be created successfully even if the other credential values are empty.
from boto3.session import Session
session = Session(aws_access_key_id='foo')
s3 = session.client('s3')
print(s3._request_signer._credentials.__dict__)
{'access_key': 'foo', 'secret_key': None, 'token': None, 'method': 'explicit'}It seemed wrong to extend this behavior to account ID. This is similar to how botocore.session.Session.create_client handles explicitly set credential values. If only the session token is set here, it will be ignored and use a credential provider instead.
It's not the best experience to silently ignore an input so maybe we could add validation here or in set_credentials instead.
|
Resolving for inclusion at a later date. |
Adds
aws_account_idto boto3Sessioncontructor,clientandresourceAPIs. Please note that CI will not succeed until boto/botocore#3031 is merged. This will enable customers to use account ID based routing in the SDK.