Merge pull request #3452 from hosseinsh/sts-config
AWS STS regional config
commit
b118fbbc3b
@ -209,6 +209,11 @@ Basic Configuration
|
||||
in the UI. When set to False (the default), the certificate delete API will always return "405 method not allowed"
|
||||
and deleted certificates will always be visible in the UI. (default: `False`)
|
||||
|
||||
.. data:: LEMUR_AWS_REGION
|
||||
:noindex:
|
||||
|
||||
This is an optional config applicable for settings where Lemur is deployed in AWS. For accessing regionalized
|
||||
STS endpoints, LEMUR_AWS_REGION defines the region where Lemur is deployed.
|
||||
|
||||
Certificate Default Options
|
||||
---------------------------
|
||||
|
@ -20,7 +20,13 @@ def sts_client(service, service_type="client"):
|
||||
def decorator(f):
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
sts = boto3.client("sts", config=config)
|
||||
if current_app.config.get("LEMUR_AWS_REGION"):
|
||||
deployment_region = current_app.config.get("LEMUR_AWS_REGION")
|
||||
sts = boto3.client('sts', region_name=deployment_region,
|
||||
endpoint_url=f"https://sts.{deployment_region}.amazonaws.com/",
|
||||
config=config)
|
||||
else:
|
||||
sts = boto3.client("sts", config=config)
|
||||
arn = "arn:aws:iam::{0}:role/{1}".format(
|
||||
kwargs.pop("account_number"),
|
||||
current_app.config.get("LEMUR_INSTANCE_PROFILE", "Lemur"),
|
||||
|