impl

This module provides the entry point to access all boto session related logic for managing AWS authentication across different environments and runtime contexts.

The BaseBotoSesEnum class serves as a factory for creating environment-specific boto session managers, automatically selecting the appropriate authentication method based on runtime detection (local, CI/CD, or AWS compute services).

All methods and properties use lazy loading for optimal performance.

which_bsm.impl.get_aws_account_id_in_ci(env_name: str) str[source]

Retrieve the AWS account ID for the specified environment in CI.

class which_bsm.impl.BaseBotoSesEnum(env_to_aws_profile_mapper: dict[str, str], env_to_aws_region_mapper: dict[str, str], default_app_env_name: str, devops_env_name: str, workload_role_name_prefix_in_ci: str, workload_role_name_suffix_in_ci: str, is_local_runtime_group: bool, is_ci_runtime_group: bool, is_local: bool, is_cloud9: bool, is_ec2: bool, is_lambda: bool, is_batch: bool, is_ecs: bool, is_glue: bool)[source]

Base class for boto session enumeration.

Provides configuration mapping between environments and AWS settings for managing boto sessions across different runtime contexts (local vs CI). Supports multiple AWS execution environments and runtime detection.

Parameters:

  • env_to_aws_profile_mapper – Mapping from environment names to AWS CLI profile names

  • env_to_aws_region_mapper – Mapping from environment names to AWS regions

  • default_app_env_name – Default application environment name

  • devops_env_name – DevOps environment name (cannot be same as default_app_env_name)

  • workload_role_name_prefix_in_ci – Prefix for workload IAM role names in CI

  • workload_role_name_suffix_in_ci – Suffix for workload IAM role names in CI

  • is_local_runtime_group – Whether this configuration is for local development

  • is_ci_runtime_group – Whether this configuration is for CI environment

  • is_local – Whether running in local development environment

  • is_cloud9 – Whether running in AWS Cloud9 IDE environment

  • is_ec2 – Whether running on AWS EC2 instance

  • is_lambda – Whether running in AWS Lambda function

  • is_batch – Whether running in AWS Batch job

  • is_esc – Whether running in AWS ECS (Elastic Container Service)

  • is_glue – Whether running in AWS Glue job

Example:

Configuration for multi-environment setup:

{
    "env_to_aws_profile_mapper": {"dev": "my-dev-profile", "prod": "my-prod-profile"},
    "env_to_aws_region_mapper": {"dev": "us-east-1", "prod": "us-west-2"},
    "default_app_env_name": "dev",
    "devops_env_name": "devops",
    "workload_role_name_prefix_in_ci": "WorkloadRole-",
    "workload_role_name_suffix_in_ci": "-Role",
    "is_local_runtime_group": true,
    "is_ci_runtime_group": false,
    "is_local": true,
    "is_cloud9": false,
    "is_ec2": false,
    "is_lambda": false,
    "is_batch": false,
    "is_esc": false,
    "is_glue": false
}

Note

The devops_env_name must be different from default_app_env_name to maintain proper separation between application and operations environments.

The runtime detection flags (is_local, is_cloud9, etc.) help determine the appropriate authentication method and session configuration for different AWS execution environments.

get_workload_role_arn_in_ci(env_name: str) str[source]

Generate the workload IAM role ARN for the specified environment in CI.

Constructs the full ARN for the workload role that should be assumed in CI environments for deployment operations. The role name is built using the configured prefix, environment name, and suffix.

Parameters:

env_name – Target environment name for the workload role

Returns:

Complete IAM role ARN for the workload environment

Raises:

  • ValueError – If env_name is the devops environment

  • KeyError – If AWS account ID environment variable is not set

Note

This method is primarily used in CI environments where AWS CLI profiles are not available. In local development, use AWS CLI named profiles instead.

get_workfload_role_session_name(env_name: str) str[source]

Generate a session name for the workload role assumption.

Creates a standardized session name format for role assumption operations. This helps with tracking and auditing role usage in AWS CloudTrail.

Parameters:

env_name – Environment name to include in the session name

Returns:

Formatted session name for role assumption

get_devops_bsm_in_local() BotoSesManager[source]

Get the boto session manager for the DevOps environment in local runtime.

get_devops_bsm_in_ci() BotoSesManager[source]

Get the boto session manager for the DevOps environment in CI runtime.

get_devops_bsm() BotoSesManager[source]

Get the boto session manager for the DevOps environment based on the runtime group.

property bsm_devops: BotoSesManager

Get the boto session manager for the DevOps environment.

get_env_bsm_in_local(env_name: str) BotoSesManager[source]

Get the boto session manager for a specific environment in local runtime.

get_env_bsm(env_name: str, assume_role_kwargs: dict[str, Any] | None = None) BotoSesManager[source]

Get the boto session manager for a specific environment based on the runtime group.

get_app_bsm() BotoSesManager[source]

Get the boto session manager for the application environment.

property bsm_app: BotoSesManager

Get the boto session manager for the application environment.