diff --git a/octodns/provider/route53.py b/octodns/provider/route53.py
index 50c734c..5f0f0d2 100644
--- a/octodns/provider/route53.py
+++ b/octodns/provider/route53.py
@@ -221,9 +221,12 @@ class Route53Provider(BaseProvider):
 access_key_id:
 # The AWS secret access key
 secret_access_key:
+ # The AWS session token
+ session_token:
- Alternatively, you may leave out access_key_id and secret_access_key,
- this will result in boto3 deciding authentication dynamically.
+ Alternatively, you may leave out access_key_id, secret_access_key
+ and session_token.
+ This will result in boto3 deciding authentication dynamically.
 In general the account used will need full permissions on Route53.
 '''
@@ -236,10 +239,11 @@ class Route53Provider(BaseProvider):
 HEALTH_CHECK_VERSION = '0001'
 def __init__(self, id, access_key_id=None, secret_access_key=None,
- max_changes=1000, client_max_attempts=None, *args, **kwargs):
+ session_token=None, max_changes=1000,
+ client_max_attempts=None, *args, **kwargs):
 self.max_changes = max_changes
- _msg = 'access_key_id={}, secret_access_key=***'.format(access_key_id)
- if access_key_id is None and secret_access_key is None:
+ _msg = 'access_key_id={}, secret_access_key=***, session_token=***'.format(access_key_id)
+ if access_key_id is None and secret_access_key is None and session_token is None:
 _msg = 'auth=fallback'
 self.log = logging.getLogger('Route53Provider[{}]'.format(id))
 self.log.debug('__init__: id=%s, %s', id, _msg)
@@ -251,11 +255,12 @@ class Route53Provider(BaseProvider):
 client_max_attempts)
 config = Config(retries={'max_attempts': client_max_attempts})
- if access_key_id is None and secret_access_key is None:
+ if access_key_id is None and secret_access_key is None and session_token is None:
 self._conn = client('route53', config=config)
 else:
 self._conn = client('route53', aws_access_key_id=access_key_id,
 aws_secret_access_key=secret_access_key,
+ aws_session_token=session_token,
 config=config)
 self._r53_zones = None
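Review bot: The new `session_token:` entry in the class docstring does not say that the token belongs to temporary credentials and is only meaningful together with `access_key_id` and `secret_access_key`. I would word the comment as `# The AWS session token (optional, only needed with temporary credentials)`. Since the third hunk passes the value straight into `client('route53', ...)` once at construction, the docstring could also state that the token is not refreshed, so a run that outlives it will presumably start failing authentication, and that it is better supplied from the environment or a secret store than committed to the config file. The docstring begins above this hunk.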
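Review bot: The three-way `is None` test in `__init__` (repeated in the third hunk before `client('route53', ...)`) treats any single supplied value as explicit credentials, so a `session_token` given without both keys is forwarded to boto3 as a partial set while the debug line reports `access_key_id=None, secret_access_key=***, session_token=***`. As far as I know botocore either rejects or silently ignores such a partial set, so failing early is clearer: `if session_token is not None and (access_key_id is None or secret_access_key is None): raise ValueError('session_token requires access_key_id and secret_access_key')` (or the project's own config exception, if it has one). Computing the fallback decision once, for example `use_fallback = access_key_id is None and secret_access_key is None and session_token is None`, and reusing it in both places would keep the logged auth mode and the actual client construction from drifting apart. `__init__` continues beyond this hunk.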