Are credentials auto updated for a session and client when using AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE

[mohitk1995]

Are client/session re-authenticate automatically by the library? We currently use assumed role and authentication file, AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE env variables are being used. Does AioRefreshableCredentials automatically takes care of it or we need to explicitly create object of it? Is there a example that cold tell how this could be done similar to [https://stackoverflow.com/a/69226170](Example for RefreshableCredentials)?

I want to create a session and client and keep using it indefinitely. As I am not passing any authentication param explicitly would _refresh function be called automatically? If not what is the current interval when the credentials are refreshed automatically.

Sample functionality:

import asyncio
import json
import os
from time import sleep

from aiobotocore.session import get_session

os.environ["AWS_ROLE_ARN"] = "arn:aws:iam::1234566:role/sagemaker-irsa-role-name"
os.environ["AWS_WEB_IDENTITY_TOKEN_FILE"] = "/path/to/AWS_WEB_IDENTITY_TOKEN_FILE"


async def get_client():
    session = get_session()
    async with session.create_client("sagemaker-runtime", region_name="us-west-2") as client:
        return client


async def main():
    client = await get_client()
    while True:
        # keep on using the client indefinitely without worrying about authentication.
        response = await client.invoke_endpoint(
            EndpointName="sagemaker-endpoint-name",
            ContentType="application/json",
            Body=json.dumps({"inputs": "How to create policy?"}),
            CustomAttributes="accept_eula=true",
        )
        response = await response["Body"].read()
        print(json.loads(response.decode("utf8")))
        sleep(5)


if __name__ == "__main__":
    asyncio.run(main())

Q 2. Also we want to call four endpoints so do we need to create four sessions and clients? Or just using a single client should be enough?

[thehesiod]

that code won't work, after you return the client it will be closed. but yes credentials should get auto updated like they do in botocore

[mohitk1995]

@thehesiod The code does work for me and client does not get closed.
Quick question: Can we make use of single client + session with multiple endpoints?

[thehesiod]

I highly recommend re-structuring your code, you're instructing aiobotocore to close the client and session after get_client returns. in terms of multiple endpoints, that's more of a botocore question not aiobotocore. I'm only aware of setting the endpoint_url on the client, which would mean you can only have one client per endpoint. However I'm not sure what kind of endpoint you're asking about.

[mohitk1995]

What is a good way to get an instance of client that could be used for ever?

We are using a client function invoke_endpoint to call endpoint does it modify the client itself? Is that the reason we should have single client for each endpoint? endpoint_name refers to the name of sagemaker endpoint in the conversation.

response = client.invoke_endpoint(
        EndpointName=endpoint_name,
        ContentType=content_type,
        Body=json.dumps(payload),
        CustomAttributes="accept_eula=true",
    )

[thehesiod]

async def main():
    session = get_session()
    async with session.create_client("sagemaker-runtime", region_name="us-west-2") as client:
        while True:
            # keep on using the client indefinitely without worrying about authentication.
            response = await client.invoke_endpoint(
                EndpointName="sagemaker-endpoint-name",
                ContentType="application/json",
                Body=json.dumps({"inputs": "How to create policy?"}),
                CustomAttributes="accept_eula=true",
            )
            response = await response["Body"].read()
            print(json.loads(response.decode("utf8")))
            sleep(5)

as for the endpoint question you should ask that here: https://github.com/boto/botocore/discussions as that's not specific to aiobotocore

[mohitk1995]

Asked it here.