|
| 1 | +.. _qanda: |
| 2 | + |
| 3 | +Q&A |
| 4 | +--- |
| 5 | + |
| 6 | +Answers to some common questions (and criticisms). |
| 7 | + |
| 8 | +Doesn't boto3 already refresh temporary credentials? |
| 9 | +==================================================== |
| 10 | + |
| 11 | +**No.** |
| 12 | + |
| 13 | +Botocore has methods for *manually* refreshing temporary credentials. |
| 14 | +Those methods are explicitly used in this package. |
| 15 | +However, those methods, as just mentioned, must be applied *manually*. |
| 16 | +There is no way of *automatically* refreshing temporary credentials. |
| 17 | +This can be frustrating in some situations. |
| 18 | +The boto3 developers have consistently decided not to introduce automatically refreshing temporary credentials. |
| 19 | +This is a conspicuously odd decision since `in aws-sdk-go-v2 <https://github.com/aws/aws-sdk-go-v2/blob/8e8487a51e9eb22a101c49cc61b98ca8990c1322/aws/credential_cache.go#L57>`_ allows it . . . |
| 20 | +BRS was released to address this shortcoming specifically. |
| 21 | + |
| 22 | +Is this package really necessary? |
| 23 | +================================= |
| 24 | + |
| 25 | +As mentioned above, it is possible to refresh temporary credentials *manually*, but not everyone feels like doing that. |
| 26 | +It is far easier to import an actively supported package which addresses that problem. |
| 27 | + |
| 28 | +How are people using BRS? |
| 29 | +========================= |
| 30 | + |
| 31 | +Below is a testimonial from a Cyber Security Engineer at a FAANG company who uses BRS: |
| 32 | + |
| 33 | +*"Most of my work is on tooling related to AWS security, so I'm pretty choosy about boto3 credentials-adjacent code. |
| 34 | +I often opt to just write this sort of thing myself so I at least know that I can reason about it. |
| 35 | +But I found boto3-refresh-session to be very clean and intuitive . . . |
| 36 | +We're using the RefreshableSession class as part of a client cache construct . . . |
| 37 | +We're using AWS Lambda to perform lots of operations across several regions in hundreds of accounts, over and over again, all day every day. |
| 38 | +And it turns out that there's a surprising amount of overhead to creating boto3 clients (mostly deserializing service definition json), |
| 39 | +so we can run MUCH more efficiently if we keep a cache of clients, all equipped with automatically refreshing sessions."* |
| 40 | + |
| 41 | +Why aren't many of the parameters for initializing :class:`boto3_refresh_session.session.RefreshableSession` included as attributes? |
| 42 | +==================================================================================================================================== |
| 43 | + |
| 44 | +Good question. |
| 45 | + |
| 46 | +BRS was developed to be as simple and intuitive as possible. |
| 47 | +Parameters like ``defer_refresh`` and ``assume_role_kwargs``, et al are not part of ``boto3`` so add clutter. |
| 48 | +Functionally, those parameters are also only useful when initializing :class:`boto3_refresh_session.session.RefreshableSession`. |
| 49 | +Thus, it was decided *not* to include those parameters as attributes. |
| 50 | + |
| 51 | +Can I submit a request to change BRS? I'd like a few things to be different. |
| 52 | +============================================================================ |
| 53 | + |
| 54 | +It depends. |
| 55 | + |
| 56 | +If you want *additional* features, like a CLI tool, then there is a good chance that your request will be added. |
| 57 | + |
| 58 | +*However*, if your requested changes are *highly idiosyncratic* or *redactive* -- that is, not generalizable to as many use cases as possible -- then it is suggested that you fork BRS, make your changes, and use those locally instead. |
| 59 | +The above user testimonial came from a team who lightly edited BRS in order to satisfy certain requirements that they intuitively understood did not apply to all users. |
| 60 | +Do what that team did. |
| 61 | +The MIT license for BRS makes changes and forks completely permissible. |
| 62 | +BRS has thousands of users. |
| 63 | +Breaking changes have massive implications. |
| 64 | + |
| 65 | +Before submitting a request, ask yourself: *does my request behoove all users, or just me . . . ?* |
0 commit comments