
Renew AWS SessionToken and store values in Azure KeyVault

Why do you need this?

Using temporary session tokens sounds like a good way to, e.g., import data from S3 in Azure Data Factory, as described in "Copy data from Amazon Simple Storage Service (S3) – Azure Data Factory | Microsoft Docs". Azure Data Factory can use secrets stored in Azure KeyVault for authentication (see "Store credentials in Azure Key Vault – Azure Data Factory | Microsoft Docs").

Anyway, whatever your use case is, you might want to use secrets stored in KeyVault to access AWS resources 🙂

Description of the solution

I’ve created a sample Azure Function that updates the session token every hour (or manually) on GitHub.

Architecture overview (not pretty, but hopefully readable)

The sample code is available in this repository: ReneHezser/RH-TokenRefresh-Function: This sample contains an Azure Function (actually two: one is called via Timer every hour, the other one is for manual trigger via HTTP) that uses an AWS user to create Session Tokens.
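The refresh step described above, sketched in Python as an added example; it is not code from the linked repository. The secret names, the two-hour token lifetime and the function names are assumptions, and the clients are expected to be boto3's STS client and the `SecretClient` from azure-keyvault-secrets.

```python
"""Added example: refresh AWS STS session credentials into Azure Key Vault."""
from datetime import datetime, timedelta, timezone

REFRESH_INTERVAL = timedelta(hours=1)  # the hourly timer described on the page
TOKEN_LIFETIME = timedelta(hours=2)    # assumption: survives one missed run
# Hypothetical secret names (Key Vault names allow only letters, digits, '-').
SECRET_NAMES = {
    "AccessKeyId": "aws-access-key-id",
    "SecretAccessKey": "aws-secret-access-key",
    "SessionToken": "aws-session-token",
}


def refresh_session_token(sts_client, secret_client, now=None):
    """Request temporary credentials and store each part as a Key Vault secret.

    sts_client must offer boto3's get_session_token(); secret_client must
    offer SecretClient.set_secret(). Returns the credentials' expiry time.
    """
    now = now or datetime.now(timezone.utc)
    seconds = int(TOKEN_LIFETIME.total_seconds())
    if not 900 <= seconds <= 129600:   # STS limits for an IAM user
        raise ValueError("TOKEN_LIFETIME outside the range STS accepts")
    creds = sts_client.get_session_token(DurationSeconds=seconds)["Credentials"]
    expires = creds["Expiration"]
    # Refuse to publish credentials that would lapse before the next run.
    if expires - now <= REFRESH_INTERVAL:
        raise RuntimeError("token expires before the next scheduled refresh")
    for field, name in SECRET_NAMES.items():
        # expires_on lets Key Vault readers see when the value goes stale.
        secret_client.set_secret(name, creds[field], expires_on=expires,
                                 content_type="text/plain",
                                 tags={"source": "aws-sts"})
    return expires


def build_clients(vault_url):
    """Create the real clients; imports are lazy so the module loads without the SDKs."""
    import boto3
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return (boto3.client("sts"),
            SecretClient(vault_url=vault_url, credential=DefaultAzureCredential()))
```

The three secrets are written one after another, so a consumer that reads during a refresh can briefly see a mixed set of old and new values and should retry on an authentication failure.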