# Validate Notebook Authentication

This notebook tests the authorization of the notebooks in this library.

Importing the `jupyterauth` module initializes authorization for the notebook:
* For instance profile / machine configurations, the role details are displayed on screen.
* For SSO configurations, the AWS SSO login appears and asks the user to grant access to the session.
* For role assumption, the default profile is set.


In [3]:
import os  # needed here: this cell runs before the cell that imports os
os.environ['LINKED_ROLES'] = 'arn:aws:iam::383086473915:role/Jupyter-IR-ViewOnly,arn:aws:iam::913149361159:role/Jupyter-IR-ViewOnly'
os.environ['DEFAULT_ACCOUNT'] = '913149361159'
os.environ['DEFAULT_ROLE'] = 'Jupyter-IR-ViewOnly'


In [4]:
import os
os.environ.get('LINKED_ROLES', '')

'arn:aws:iam::383086473915:role/Jupyter-IR-ViewOnly,arn:aws:iam::913149361159:role/Jupyter-IR-ViewOnly'

In [5]:
import boto3, os
from jupyterawstools import jupyterauth


Use role assumption: Default Jupyter-IR-ViewOnly ['arn:aws:iam::383086473915:role/Jupyter-IR-ViewOnly', 'arn:aws:iam::913149361159:role/Jupyter-IR-ViewOnly']
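
A pre-flight check for the three environment variables set above, as an added example that is not part of the original notebook or of `jupyterawstools`. It assumes `LINKED_ROLES` is a comma-separated list of IAM role ARNs, as shown on this page; the helper name `validate_role_config` is hypothetical, and the check runs offline without calling AWS.

```python
import os
import re

# Simplified IAM role ARN pattern: partition, 12-digit account ID, optional
# path, role name. Commas are left out of the name characters because the
# list itself is comma-separated.
ROLE_ARN = re.compile(
    r"^arn:(?:aws|aws-cn|aws-us-gov):iam::(?P<account>\d{12}):role/"
    r"(?:[\w+=.@-]+/)*(?P<name>[\w+=.@-]+)$",
    re.ASCII,
)


def validate_role_config(env):
    """Return (roles, problems) for the notebook's three variables.

    roles is a list of (account_id, role_name) tuples in configured order;
    problems is a list of human-readable findings (empty when consistent).
    Assumption: LINKED_ROLES is a comma-separated list of role ARNs.
    """
    roles, problems = [], []
    for raw in env.get("LINKED_ROLES", "").split(","):
        arn = raw.strip()
        if not arn:
            continue
        match = ROLE_ARN.match(arn)
        if match is None:
            problems.append(f"not a role ARN: {arn!r}")
            continue
        key = (match["account"], match["name"])
        if key in roles:
            problems.append(f"duplicate role: {arn}")
            continue
        roles.append(key)
    if not roles:
        problems.append("LINKED_ROLES contains no usable role ARN")
    default = (env.get("DEFAULT_ACCOUNT", ""), env.get("DEFAULT_ROLE", ""))
    if default not in roles:
        problems.append(
            f"default {default[0]}/{default[1]} is not one of the linked roles"
        )
    return roles, problems


if __name__ == "__main__":
    linked, findings = validate_role_config(os.environ)
    for account, role in linked:
        print(f"ok: {account} {role}")
    for finding in findings:
        print(f"problem: {finding}")
```
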


The next cell checks all the permissions configured for this notebook. If the environment is configured for multiple accounts via role assumption or SSO, it checks each of the connections.

In [8]:
jupyterauth.check_permissions()

### Account Status

|status|Account|Role|Status|
|-----|-----|-----|-----|
|<span style="color:green"> &#9679;</span>|383086473915|Jupyter-IR-ViewOnly|Successful|
|<span style="color:green"> &#9679;</span>|913149361159|Jupyter-IR-ViewOnly|Successful|


The next cell demonstrates how to use the `jupyterauth` module to iterate over all the accounts and execute a boto3 call against each one. Here it simply gets the caller identity in each account.

In [10]:
for session, account in jupyterauth.get_session_by_account():
    sts = session.client('sts')
    identity = sts.get_caller_identity()
    print(f'Account: {account} User: {identity["UserId"]}')

Account: 383086473915 User: AROAVSMN3WK5ZKOSSGRTR:jupyter
Account: 913149361159 User: AROA5JG7RPQD2MLE57RZE:jupyter


The default session is configured based on the environment variables.

In [9]:
boto3.setup_default_session()
sts = boto3.client('sts')
identity = sts.get_caller_identity()
print(f"UserId: {identity['UserId']}\nAccount: {identity['Account']}\n")

UserId: AROA5JG7RPQD2MLE57RZE:jupyter
Account: 913149361159



In [None]:
session = jupyterauth.get_session()
sts = session.client('sts')
identity = sts.get_caller_identity()
print(f"UserId: {identity['UserId']}\nAccount: {identity['Account']}\n")

This works with AWS CLI commands too.

In [None]:
! aws sts get-caller-identity


In [None]:
jupyterauth.logout()