Usage#
To use boto3-refresh-session, you must have AWS credentials configured locally. Refer to the authorization documentation for details on supported authentication methods.
Basic Initialization#
Everything in boto3 is ultimately built on the boto3.session.Session
object —
including Client
and Resource
objects.
boto3-refresh-session extends this interface while adding automatic credential refresh.
Creating a session is straightforward:
from boto3_refresh_session import RefreshableSession
assume_role_kwargs = {
"RoleArn": "<your-role-arn>",
"RoleSessionName": "<your-role-session-name>",
}
session = RefreshableSession(
assume_role_kwargs=assume_role_kwargs
)
s3 = session.client('s3')
You can also create a Resource
the same way:
s3 = session.resource('s3')
Optional: set this session globally as the default for boto3:
import boto3
boto3.DEFAULT_SESSION = session
s3 = boto3.client('s3') # will use the custom session automatically
Parameters#
At a minimum, you must provide parameters for the STS assume_role
call via assume_role_kwargs
:
assume_role_kwargs = {
"RoleArn": "<your-role-arn>",
"RoleSessionName": "<your-session-name>",
"DurationSeconds": 3600, # optional
}
Optional keyword arguments for the underlying boto3.client("sts")
can be passed via sts_client_kwargs
:
sts_client_kwargs = {
"config": Config(retries={"max_attempts": 5})
}
And any arguments accepted by boto3.session.Session
(e.g., region_name
, etc.) can be passed directly:
session = RefreshableSession(
assume_role_kwargs=assume_role_kwargs,
sts_client_kwargs=sts_client_kwargs,
region_name="us-east-1"
)
Refresh Behavior#
There are two ways to trigger automatic credential refresh:
Deferred (default) — Refresh occurs only when credentials are required
Eager — Credentials are refreshed as soon as they expire
Set defer_refresh
to False to enable eager refresh:
session = RefreshableSession(
defer_refresh=False,
assume_role_kwargs=assume_role_kwargs
)
Warning
It is highly recommended to use the default: defer_refresh=True
.
Eager refresh adds overhead and is only suitable for low-latency systems that cannot tolerate refresh delays.
Parallel Usage and Performance#
If you’re working with large datasets and sensitive value detection or redaction,
you may wish to use boto3-refresh-session
in parallel.
The core session class is thread-safe and compatible with Python’s concurrent.futures
or multiprocessing
.
To maximize throughput:
Reuse a single
RefreshableSession
object across threads or subprocessesUse
defer_refresh=True
to avoid concurrent refreshes at process boundariesMount the session into a poolable or global shared object
Example (using concurrent.futures):
from concurrent.futures import ThreadPoolExecutor
from boto3_refresh_session import RefreshableSession
session = RefreshableSession(assume_role_kwargs={...})
def upload_one(bucket, key, body):
s3 = session.client("s3")
s3.put_object(Bucket=bucket, Key=key, Body=body)
with ThreadPoolExecutor() as executor:
futures = [
executor.submit(upload_one, "my-bucket", f"file-{i}", b"data")
for i in range(10)
]
for future in futures:
future.result()
Note
For process-based concurrency (e.g., ProcessPoolExecutor
), initialize the session
before spawning or forking the pool. This ensures memory is shared efficiently via copy-on-write,
and avoids unnecessary duplication of temporary credentials.