[PR #2906] [CLOSED] Add boto3-refresh-session #11243

New Issue

GiteaMirror · 2026-04-24T06:03:27-05:00

GiteaMirror commented

2026-04-24 06:03:27 -05:00

📋 Pull Request Information

Original PR: https://github.com/vinta/awesome-python/pull/2906
Author: @michaelthomasletts
Created: 2/9/2026
Status: ❌ Closed

Base: master ← Head: boto3-refresh-session

📝 Commits (2)

6b5bac6 Add boto3-refresh-session to DevOps Tools > Cloud Providers
00e35ef Update README.md

📊 Changes

1 file changed (+1 additions, -0 deletions)

View changed files

📝 README.md (+1 -0)

📄 Description

Project

boto3-refresh-session (GitHub)
Official Documentation
PyPI

Checklist

One project per PR
PR title format: Add project-name
Entry format: * [project-name](url) - Description ending with period.
Description is concise and short

Why This Project Is Awesome

Which criterion does it meet? (pick one)

Industry Standard - The go-to tool for a specific use case
Rising Star - 5000+ stars in < 2 years, significant adoption
Hidden Gem - Exceptional quality, solves niche problems elegantly

Recognition

Featured in TL;DR Sec

Featured in CloudSec List

What is it?

boto3-refresh-session is a simple Python package with a drop-in replacement for boto3.Session named RefreshableSession. It automatically refreshes temporary AWS credentials, caches clients, and supports MFA token providers. It supports automatic temporary AWS security credential refresh for STS, IOT Core, and custom credential callables. And it is thoroughly tested, regularly updated, comprehensively documentated, and published to PyPI.

Why does it matter? And how does it differ from alternatives?

Although boto3 already supports automatic temporary credential refresh via role assumption as configured in ~/.aws/config, there are scenarios and edge cases where that is insufficient. Below are just a few examples:

Profiles or configs are unavailable or impractical (e.g., containerized or serverless environments)
You need to explicitly assume roles in a program (not profiles or configs) and hand those credentials around without worrying about expiration
Custom credential providers are required (e.g. IOT, external ID, etc.)

boto3-refresh-session exists to fill those gaps (and others not listed) while maintaining full compatibility with boto3.

Although there are other open source tools available which address automatic temporary AWS credential refresh, boto3-refresh-session is ergonomically designed to feel like an extension of boto3 (with a few extra parameters) rather than a separate library with a completely unfamiliar API. Using boto3-refresh-session, you can initialize service clients, resources, collections, etc. from RefreshableSession exactly like you would in boto3. More, the available alternatives to boto3-refresh-session do not support the breadth of features that boto3-refresh-session does, such as client caching, MFA token provider support, or IoT Core X.509 credential refresh, among others. Even if someone doesn't need boto3-refresh-session's core feature (automatic temporary AWS credential refresh), the client caching feature will almost certainly still be useful to them.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/vinta/awesome-python/pull/2906 **Author:** [@michaelthomasletts](https://github.com/michaelthomasletts) **Created:** 2/9/2026 **Status:** ❌ Closed **Base:** `master` ← **Head:** `boto3-refresh-session` --- ### 📝 Commits (2) - [`6b5bac6`](https://github.com/vinta/awesome-python/commit/6b5bac61ae72c160498007f9867e61785d26c895) Add boto3-refresh-session to DevOps Tools > Cloud Providers - [`00e35ef`](https://github.com/vinta/awesome-python/commit/00e35ef3da59ba561e99777ebc262905c437be92) Update README.md ### 📊 Changes **1 file changed** (+1 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+1 -0) </details> ### 📄 Description ## Project [boto3-refresh-session (GitHub)](https://github.com/michaelthomasletts/boto3-refresh-session) [Official Documentation](https://michaelthomasletts.com/boto3-refresh-session/index.html) [PyPI](https://pypi.org/project/boto3-refresh-session/) ## Checklist - [x] One project per PR - [x] PR title format: `Add project-name` - [x] Entry format: `* [project-name](url) - Description ending with period.` - [x] Description is concise and short ## Why This Project Is Awesome Which criterion does it meet? (pick one) - [ ] **Industry Standard** - The go-to tool for a specific use case - [ ] **Rising Star** - 5000+ stars in < 2 years, significant adoption - [x] **Hidden Gem** - Exceptional quality, solves niche problems elegantly ## Recognition [Featured in TL;DR Sec](https://tldrsec.com/p/tldr-sec-282) [Featured in CloudSec List](https://cloudseclist.com/issues/issue-290/) ## What is it? boto3-refresh-session is a simple Python package with a drop-in replacement for [boto3.Session](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html#boto3.session.Session) named [RefreshableSession](https://michaelthomasletts.com/boto3-refresh-session/api/generated/boto3_refresh_session.session.RefreshableSession.html#boto3_refresh_session.session.RefreshableSession). It automatically refreshes temporary AWS credentials, [caches clients](https://michaelthomasletts.com/boto3-refresh-session/usage.html#client-caching), and [supports MFA token providers](https://michaelthomasletts.com/boto3-refresh-session/usage.html#mfa). It supports automatic temporary AWS security credential refresh for STS, IOT Core, and custom credential callables. And it is [thoroughly tested](https://github.com/michaelthomasletts/boto3-refresh-session/tree/main/tests), [regularly updated](https://github.com/michaelthomasletts/boto3-refresh-session/commits/main/), [comprehensively documentated](https://michaelthomasletts.github.io/boto3-refresh-session/index.html), and [published to PyPI](https://pypi.org/project/boto3-refresh-session/). ## Why does it matter? And how does it differ from alternatives? Although boto3 already supports automatic temporary credential refresh via role assumption as configured in `~/.aws/config`, there are scenarios and edge cases where that is insufficient. Below are just a *few* examples: - Profiles or configs are unavailable or impractical (e.g., containerized or serverless environments) - You need to explicitly assume roles in a program (not profiles or configs) and hand those credentials around without worrying about expiration - Custom credential providers are required (e.g. IOT, external ID, etc.) **boto3-refresh-session exists to fill those gaps (and others not listed) while maintaining full compatibility with boto3.** Although there are other open source tools available which address automatic temporary AWS credential refresh, boto3-refresh-session is ergonomically designed to feel like an _extension_ of boto3 (with a few extra parameters) rather than a separate library with a completely unfamiliar API. Using boto3-refresh-session, you can initialize service clients, resources, collections, etc. from `RefreshableSession` exactly like you would in boto3. More, the available alternatives to boto3-refresh-session do not support the _breadth_ of features that boto3-refresh-session does, such as client caching, MFA token provider support, or IoT Core X.509 credential refresh, among others. Even if someone doesn't need boto3-refresh-session's core feature (automatic temporary AWS credential refresh), the client caching feature will almost certainly still be useful to them. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-24 06:03:27 -05:00

GiteaMirror closed this issue

2026-04-24 06:03:27 -05:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/awesome-python#11243