From ce64e862198b5b1dcaefc0124c8bc967cb3ed600 Mon Sep 17 00:00:00 2001 From: Jason Antman Date: Sat, 11 Mar 2017 15:16:06 -0500 Subject: [PATCH] fixes #123 - update docs on use of session or federation tokens in credentials --- CHANGES.rst | 1 + docs/source/getting_started.rst | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 7f3a4092..9fa84605 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -37,6 +37,7 @@ or bug reports specific to 3.2 will be closed. * `Issue #236 `_ - Drop support for Python 3.2; stop testing under py32. * `Issue #257 `_ - Handle ElastiCache DescribeCacheCluster responses that are missing ``CacheNodes`` key in a cluster description. * `Issue #200 `_ - Remove EC2 Spot Instances/Fleets limits from experimental status. +* `Issue #123 `_ - Update documentation on using session tokens (Session or Federation temporary creds). 0.7.0 (2017-01-15) ------------------ diff --git a/docs/source/getting_started.rst b/docs/source/getting_started.rst index 7afd9cc0..24e717ab 100644 --- a/docs/source/getting_started.rst +++ b/docs/source/getting_started.rst @@ -117,7 +117,10 @@ API calls will throw errors when trying to access the IAM API (except for Sessio work for IAM API calls only if an MFA token is used). Furthermore, Federation tokens cannot make use of the STS AssumeRole functionality. If you attempt to use awslimitchecker with credentials generated by these APIs (commonly used by organizations to hand out limited-lifetime credentials), you will likely -encounter errors. +encounter errors when checking IAM limits. If this is acceptable, you can use these credentials by setting +the ``AWS_SESSION_TOKEN`` environment variable in addition to ``AWS_ACCESS_KEY_ID`` and ``AWS_SECRET_ACCESS_KEY``, +or by otherwise configuring these credentials in a way that's supported by +`boto3 `_. .. _getting_started.regions: