aws-annoying 0.3.0__py3-none-any.whl → 0.5.0__py3-none-any.whl

aws_annoying/session_manager/session_manager.py

@@ -28,15 +28,13 @@ logger = logging.getLogger(__name__)
 class SessionManager:
     """AWS Session Manager plugin manager."""
 
-    def __init__(self, *, session: boto3.session.Session | None = None, downloader: AbstractDownloader) -> None:
+    def __init__(self, *, session: boto3.session.Session | None = None) -> None:
         """Initialize SessionManager.
 
         Args:
             session: Boto3 session to use for AWS operations.
-            downloader: File downloader to use for downloading the plugin.
         """
         self.session = session or boto3.session.Session()
-        self.downloader = downloader
 
     # ------------------------------------------------------------------------
     # Installation
@@ -90,6 +88,7 @@ class SessionManager:
         linux_distribution: _LinuxDistribution | None = None,
         arch: str | None = None,
         root: bool | None = None,
+        downloader: AbstractDownloader,
     ) -> None:
         """Install AWS Session Manager plugin.
 
@@ -99,17 +98,23 @@ class SessionManager:
                 If `None` and current `os` is `"Linux"`, will try to detect the distribution from current system.
             arch: The architecture to install the plugin on. If `None`, will use the current architecture.
             root: Whether to run the installation as root. If `None`, will check if the current user is root.
+            downloader: File downloader to use for downloading the plugin.
         """
         os = os or platform.system()
         arch = arch or platform.machine()
 
         if os == "Windows":
-            self._install_windows()
+            self._install_windows(downloader=downloader)
         elif os == "Darwin":
-            self._install_macos(arch=arch, root=root or is_root())
+            self._install_macos(arch=arch, root=root or is_root(), downloader=downloader)
         elif os == "Linux":
             linux_distribution = linux_distribution or _detect_linux_distribution()
-            self._install_linux(linux_distribution=linux_distribution, arch=arch, root=root or is_root())
+            self._install_linux(
+                linux_distribution=linux_distribution,
+                arch=arch,
+                root=root or is_root(),
+                downloader=downloader,
+            )
         else:
             msg = f"Unsupported operating system: {os}"
             raise UnsupportedPlatformError(msg)
@@ -118,20 +123,20 @@ class SessionManager:
         """Hook to run before invoking plugin installation command."""
 
     # https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-windows.html
-    def _install_windows(self) -> None:
+    def _install_windows(self, *, downloader: AbstractDownloader) -> None:
         """Install session-manager-plugin on Windows via EXE installer."""
         download_url = (
             "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/windows/SessionManagerPluginSetup.exe"
         )
         with tempfile.TemporaryDirectory() as temp_dir:
             p = Path(temp_dir)
-            exe_installer = self.downloader.download(download_url, to=p / "SessionManagerPluginSetup.exe")
+            exe_installer = downloader.download(download_url, to=p / "SessionManagerPluginSetup.exe")
             command = [str(exe_installer), "/quiet"]
             self.before_install(command)
             subprocess.call(command, cwd=p)  # noqa: S603
 
     # https://docs.aws.amazon.com/systems-manager/latest/userguide/install-plugin-macos-overview.html
-    def _install_macos(self, *, arch: str, root: bool) -> None:
+    def _install_macos(self, *, arch: str, root: bool, downloader: AbstractDownloader) -> None:
         """Install session-manager-plugin on macOS via signed installer."""
         # ! Intel chip will not be supported
         if arch == "x86_64":
@@ -148,7 +153,7 @@ class SessionManager:
 
         with tempfile.TemporaryDirectory() as temp_dir:
             p = Path(temp_dir)
-            pkg_installer = self.downloader.download(download_url, to=p / "session-manager-plugin.pkg")
+            pkg_installer = downloader.download(download_url, to=p / "session-manager-plugin.pkg")
 
             # Run installer
             command = command_as_root(
@@ -179,6 +184,7 @@ class SessionManager:
         linux_distribution: _LinuxDistribution,
         arch: str,
         root: bool,
+        downloader: AbstractDownloader,
     ) -> None:
         name = linux_distribution.name
         version = linux_distribution.version
@@ -200,7 +206,7 @@ class SessionManager:
 
             with tempfile.TemporaryDirectory() as temp_dir:
                 p = Path(temp_dir)
-                deb_installer = self.downloader.download(download_url, to=p / "session-manager-plugin.deb")
+                deb_installer = downloader.download(download_url, to=p / "session-manager-plugin.deb")
 
                 # Invoke installation command
                 command = command_as_root(["dpkg", "--install", str(deb_installer)], root=root)
@@ -241,28 +247,25 @@ class SessionManager:
             raise UnsupportedPlatformError(msg)
 
     # ------------------------------------------------------------------------
-    # Session
+    # Command
     # ------------------------------------------------------------------------
-    def start(
+    def build_command(
         self,
-        *,
         target: str,
         document_name: str,
         parameters: dict[str, Any],
         reason: str | None = None,
-        log_file: Path | None = None,
-    ) -> subprocess.Popen:
-        """Start new session.
+    ) -> list[str]:
+        """Build command for starting a session.
 
         Args:
-            target: The target instance ID or name.
+            target: The target instance ID.
             document_name: The SSM document name to use for the session.
             parameters: The parameters to pass to the SSM document.
             reason: The reason for starting the session.
-            log_file: Optional file to log output to.
 
         Returns:
-            Process ID of the session.
+            The command to start the session.
         """
         is_installed, binary_path, version = self.verify_installation()
         if not is_installed:
@@ -279,7 +282,7 @@ class SessionManager:
         )
 
         region = self.session.region_name
-        command = [
+        return [
             str(binary_path),
             json.dumps(response),
             region,
@@ -289,20 +292,6 @@ class SessionManager:
             f"https://ssm.{region}.amazonaws.com",
         ]
 
-        stdout: subprocess._FILE
-        if log_file is not None:  # noqa: SIM108
-            stdout = log_file.open(mode="at+", buffering=1)
-        else:
-            stdout = subprocess.DEVNULL
-
-        return subprocess.Popen(  # noqa: S603
-            command,
-            stdout=stdout,
-            stderr=subprocess.STDOUT,
-            text=True,
-            close_fds=False,  # FD inherited from parent process
-        )
-
 
 # ? Could be moved to utils, but didn't because it's too specific to this module
 class _LinuxDistribution(NamedTuple):

aws_annoying/session_manager/shortcuts.py

@@ -0,0 +1,72 @@
+from __future__ import annotations
+
+import logging
+import subprocess
+from contextlib import contextmanager
+from typing import TYPE_CHECKING
+
+from .session_manager import SessionManager
+
+if TYPE_CHECKING:
+    from collections.abc import Iterator
+
+
+logger = logging.getLogger(__name__)
+
+
+@contextmanager
+def port_forward(
+    *,
+    through: str,
+    local_port: int,
+    remote_host: str,
+    remote_port: int,
+    reason: str | None = None,
+) -> Iterator[subprocess.Popen[str]]:
+    """Context manager for port forwarding sessions.
+
+    Args:
+        through: The instance ID to use as port-forwarding proxy.
+        local_port: The local port to listen to.
+        remote_host: The remote host to connect to.
+        remote_port: The remote port to connect to.
+        reason: The reason for starting the session.
+
+    Returns:
+        The command to start the session.
+    """
+    session_manager = SessionManager()
+    command = session_manager.build_command(
+        target=through,
+        document_name="AWS-StartPortForwardingSessionToRemoteHost",
+        parameters={
+            "localPortNumber": [str(local_port)],
+            "host": [remote_host],
+            "portNumber": [str(remote_port)],
+        },
+        reason=reason,
+    )
+    try:
+        proc = subprocess.Popen(  # noqa: S603
+            command,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.STDOUT,
+            text=True,
+        )
+
+        # * Must be unreachable
+        if proc.stdout is None:
+            msg = "Standard output is not available"
+            raise RuntimeError(msg)
+
+        # Wait for the session to start
+        # ? Not sure this is trustworthy health check
+        # TODO(lasuillard): Need timeout to avoid hanging forever
+        for line in proc.stdout:
+            if "Waiting for connections..." in line:
+                logger.info("Session started successfully.")
+                break
+
+        yield proc
+    finally:
+        proc.terminate()

aws_annoying/variables.py

@@ -0,0 +1,133 @@
+# flake8: noqa: B008
+from __future__ import annotations
+
+import json
+from typing import Any, TypedDict
+
+import boto3
+
+# Type aliases for readability
+_ARN = str
+_Variables = dict[str, Any]
+
+# TODO(lasuillard): Need some refactoring (with #2, #3)
+# TODO(lasuillard): Put some logging
+
+
+class _LoadStatsDict(TypedDict):
+    secrets: int
+    parameters: int
+
+
+class VariableLoader:  # noqa: D101
+    def __init__(self, *, dry_run: bool) -> None:
+        """Initialize the VariableLoader.
+
+        Args:
+            dry_run: Whether to run in dry-run mode.
+            console: Rich console instance.
+        """
+        self.dry_run = dry_run
+
+    # TODO(lasuillard): Currently not using pagination (do we need more than 10-20 secrets or parameters each?)
+    #                   ; consider adding it if needed
+    def load(self, map_arns: dict[str, _ARN]) -> tuple[dict[str, Any], _LoadStatsDict]:
+        """Load the variables from the AWS Secrets Manager and SSM Parameter Store.
+
+        Each secret or parameter should be a valid dictionary, where the keys are the variable names
+        and the values are the variable values.
+
+        The items are merged in the order of the key of provided mapping, overwriting the variables with the same name
+        in the order of the keys.
+        """
+        # Split the ARNs by resource types
+        secrets_map, parameters_map = {}, {}
+        for idx, arn in map_arns.items():
+            if arn.startswith("arn:aws:secretsmanager:"):
+                secrets_map[idx] = arn
+            elif arn.startswith("arn:aws:ssm:"):
+                parameters_map[idx] = arn
+            else:
+                msg = f"Unsupported resource: {arn!r}"
+                raise ValueError(msg)
+
+        # Retrieve variables from AWS resources
+        secrets: dict[str, _Variables]
+        parameters: dict[str, _Variables]
+        if self.dry_run:
+            secrets = {idx: {} for idx, _ in secrets_map.items()}
+            parameters = {idx: {} for idx, _ in parameters_map.items()}
+        else:
+            secrets = self._retrieve_secrets(secrets_map)
+            parameters = self._retrieve_parameters(parameters_map)
+
+        load_stats: _LoadStatsDict = {
+            "secrets": len(secrets),
+            "parameters": len(parameters),
+        }
+
+        # Merge the variables in order
+        full_variables = secrets | parameters  # Keys MUST NOT conflict
+        merged_in_order = {}
+        for _, variables in sorted(full_variables.items()):
+            merged_in_order.update(variables)
+
+        return merged_in_order, load_stats
+
+    def _retrieve_secrets(self, secrets_map: dict[str, _ARN]) -> dict[str, _Variables]:
+        """Retrieve the secrets from AWS Secrets Manager."""
+        if not secrets_map:
+            return {}
+
+        secretsmanager = boto3.client("secretsmanager")
+
+        # Retrieve the secrets
+        arns = list(secrets_map.values())
+        response = secretsmanager.batch_get_secret_value(SecretIdList=arns)
+        if errors := response["Errors"]:
+            msg = f"Failed to retrieve secrets: {errors!r}"
+            raise ValueError(msg)
+
+        # Parse the secrets
+        secrets = response["SecretValues"]
+        result = {}
+        for secret in secrets:
+            arn = secret["ARN"]
+            order_key = next(key for key, value in secrets_map.items() if value == arn)
+            data = json.loads(secret["SecretString"])
+            if not isinstance(data, dict):
+                msg = f"Secret data must be a valid dictionary, but got: {type(data)!r}"
+                raise TypeError(msg)
+
+            result[order_key] = data
+
+        return result
+
+    def _retrieve_parameters(self, parameters_map: dict[str, _ARN]) -> dict[str, _Variables]:
+        """Retrieve the parameters from AWS SSM Parameter Store."""
+        if not parameters_map:
+            return {}
+
+        ssm = boto3.client("ssm")
+
+        # Retrieve the parameters
+        parameter_names = list(parameters_map.values())
+        response = ssm.get_parameters(Names=parameter_names, WithDecryption=True)
+        if errors := response["InvalidParameters"]:
+            msg = f"Failed to retrieve parameters: {errors!r}"
+            raise ValueError(msg)
+
+        # Parse the parameters
+        parameters = response["Parameters"]
+        result = {}
+        for parameter in parameters:
+            arn = parameter["ARN"]
+            order_key = next(key for key, value in parameters_map.items() if value == arn)
+            data = json.loads(parameter["Value"])
+            if not isinstance(data, dict):
+                msg = f"Parameter data must be a valid dictionary, but got: {type(data)!r}"
+                raise TypeError(msg)
+
+            result[order_key] = data
+
+        return result

{aws_annoying-0.3.0.dist-info → aws_annoying-0.5.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aws-annoying
-Version: 0.3.0
+Version: 0.5.0
 Summary: Utils to handle some annoying AWS tasks.
 Project-URL: Homepage, https://github.com/lasuillard/aws-annoying
 Project-URL: Repository, https://github.com/lasuillard/aws-annoying.git
@@ -9,11 +9,11 @@ Author-email: Yuchan Lee <lasuillard@gmail.com>
 License-Expression: MIT
 License-File: LICENSE
 Requires-Python: <4.0,>=3.9
-Requires-Dist: boto3>=1.37.1
-Requires-Dist: pydantic>=2.10.6
-Requires-Dist: requests>=2.32.3
-Requires-Dist: tqdm>=4.67.1
-Requires-Dist: typer>=0.15.1
+Requires-Dist: boto3<2,>=1
+Requires-Dist: pydantic<3,>=2
+Requires-Dist: requests<3,>=2
+Requires-Dist: tqdm<5,>=4
+Requires-Dist: typer<1,>=0
 Provides-Extra: dev
 Requires-Dist: boto3-stubs[ec2,ecs,secretsmanager,ssm,sts]>=1.37.1; extra == 'dev'
 Requires-Dist: mypy~=1.15.0; extra == 'dev'

aws_annoying-0.5.0.dist-info/RECORD

@@ -0,0 +1,31 @@
+aws_annoying/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aws_annoying/mfa.py,sha256=m6-V1bWeUWsAmRddl-lv13mPCMnftoPzJoNnZ0kiaWQ,2007
+aws_annoying/variables.py,sha256=a9cMS9JU-XA2h1tztO7ofixoDEpqtS_eVEiWrQ75mTo,4761
+aws_annoying/cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aws_annoying/cli/app.py,sha256=sp50uVoAl4D6Wk3DFpzKZzSsxmSxNYejFxm62b_Kxps,201
+aws_annoying/cli/ecs_task_definition_lifecycle.py,sha256=O36Bf5LBnVJNyYmdlUxhtsIHNoxky1t5YacAXiL9UEI,2803
+aws_annoying/cli/load_variables.py,sha256=eWNByUEc1ijF8uCe_egdAnjWxfMNCZeVr0vtTtQLe3Y,5086
+aws_annoying/cli/main.py,sha256=TSzPeMkgIgKFf3bom_vDkFYK0bHF1r5K9ADreZUV3k4,503
+aws_annoying/cli/mfa/__init__.py,sha256=rbEGhw5lOQZV_XAc3nSbo56JVhsSPpeOgEtiAy9qzEA,50
+aws_annoying/cli/mfa/_app.py,sha256=Ub7gxb6kGF3Ve1ucQSOjHmc4jAu8mxgegcXsIbOzLLQ,189
+aws_annoying/cli/mfa/configure.py,sha256=vsoHfTVFF2dPgiYsp2L-EkMwtAA0_-tVwFd6Wv6DscU,3746
+aws_annoying/cli/session_manager/__init__.py,sha256=FkT6jT6OXduOURN61d-U6hgd-XluQbvuVtKXXiXgSEk,105
+aws_annoying/cli/session_manager/_app.py,sha256=OVOHW0iyKzunvaqLhjoseHw1-WxJ1gGb7QmiyAEezyY,221
+aws_annoying/cli/session_manager/_common.py,sha256=u23F4mJOHWHphLYL1gOAh8J3a_Odyk4VVvI175KWmzg,1616
+aws_annoying/cli/session_manager/install.py,sha256=zcQi91xVFKhbSOD4VBc6YG9-fDnhymVyK63PlITdxug,1445
+aws_annoying/cli/session_manager/port_forward.py,sha256=J8_CIrTsbcOYRYOdHkdz81dkaNWxI_l70E8gyJ-Ukh8,4192
+aws_annoying/cli/session_manager/start.py,sha256=pPS0jKuURGTX-WTix3owqqisX-bmCydqfyqC0kFGnt8,1358
+aws_annoying/cli/session_manager/stop.py,sha256=ttU6nlbVgBkZDtY-DwUyCstv5TFtat5TljkyuY8QICU,1482
+aws_annoying/session_manager/__init__.py,sha256=IENviL3ux2LF7o9xFGYEiqaGw03hxnyNX2btbB1xyEU,318
+aws_annoying/session_manager/errors.py,sha256=YioKlRtZ-GUP0F_ts_ebw7-HYkxe8mTes6HK821Kuiw,353
+aws_annoying/session_manager/session_manager.py,sha256=myZxY_WE4akdlTsH1mOvf0Ublwg-hf1vEkEcmdZyYSU,12147
+aws_annoying/session_manager/shortcuts.py,sha256=uFRPGia_5gqfBDxwOjmLg7UFzhvkSFUqopWuzN5_kbA,1973
+aws_annoying/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+aws_annoying/utils/debugger.py,sha256=UFllDCGI2gPtwo1XS5vqw0qyR6bYr7XknmBwSxalKIc,754
+aws_annoying/utils/downloader.py,sha256=aB5RzT-LpbFX24-2HXlAkdgVowc4TR9FWT_K8WwZ1BE,1923
+aws_annoying/utils/platform.py,sha256=h3DUWmTMM-_4TfTWNqY0uNqyVsBjAuMm2DEbG-daxe8,742
+aws_annoying-0.5.0.dist-info/METADATA,sha256=kHaGAHqfkZ8Ip4NzcLbE7Bh01oA1CvoTsUa3Ljx1ctU,1916
+aws_annoying-0.5.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+aws_annoying-0.5.0.dist-info/entry_points.txt,sha256=DcKE5V0WvVJ8wUOHxyUz1yLAJOuuJUgRPlMcQ4O7jEs,66
+aws_annoying-0.5.0.dist-info/licenses/LICENSE,sha256=Q5GkvYijQ2KTQ-QWhv43ilzCno4ZrzrEuATEQZd9rYo,1067
+aws_annoying-0.5.0.dist-info/RECORD,,

aws_annoying-0.5.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+aws-annoying = aws_annoying.cli.main:entrypoint

aws_annoying/load_variables.py

@@ -1,254 +0,0 @@
-# flake8: noqa: B008
-from __future__ import annotations
-
-import json
-import os
-import subprocess
-from typing import Any, NoReturn, Optional
-
-import boto3
-import typer
-from rich.console import Console
-from rich.table import Table
-
-from .app import app
-
-
-@app.command(
-    context_settings={
-        # Allow extra arguments for user provided command
-        "allow_extra_args": True,
-        "ignore_unknown_options": True,
-    },
-)
-def load_variables(  # noqa: PLR0913
-    *,
-    ctx: typer.Context,
-    arns: list[str] = typer.Option(
-        [],
-        metavar="ARN",
-        help=(
-            "ARNs of the secret or parameter to load."
-            " The variables are loaded in the order of the ARNs,"
-            " overwriting the variables with the same name in the order of the ARNs."
-        ),
-    ),
-    env_prefix: Optional[str] = typer.Option(
-        None,
-        help="Prefix of the environment variables to load the ARNs from.",
-        show_default=False,
-    ),
-    overwrite_env: bool = typer.Option(
-        False,  # noqa: FBT003
-        help="Overwrite the existing environment variables with the same name.",
-    ),
-    quiet: bool = typer.Option(
-        False,  # noqa: FBT003
-        help="Suppress all outputs from this command.",
-    ),
-    dry_run: bool = typer.Option(
-        False,  # noqa: FBT003
-        help="Print the progress only. Neither load variables nor run the command.",
-    ),
-    replace: bool = typer.Option(
-        True,  # noqa: FBT003
-        help=(
-            "Replace the current process (`os.execvpe`) with the command."
-            " If disabled, run the command as a `subprocess`."
-        ),
-    ),
-) -> NoReturn:
-    """Wrapper command to run command with variables from AWS resources injected as environment variables.
-
-    This script is intended to be used in the ECS environment, where currently AWS does not support
-    injecting whole JSON dictionary of secrets or parameters as environment variables directly.
-
-    It first loads the variables from the AWS sources then runs the command with the variables injected as environment variables.
-
-    In addition to `--arns` option, you can provide ARNs as the environment variables by providing `--env-prefix`.
-    For example, if you have the following environment variables:
-
-    ```shell
-    export LOAD_AWS_CONFIG__001_app_config=arn:aws:secretsmanager:...
-    export LOAD_AWS_CONFIG__002_db_config=arn:aws:ssm:...
-    ```
-
-    You can run the following command:
-
-    ```shell
-    aws-annoying load-variables --env-prefix LOAD_AWS_CONFIG__ -- ...
-    ```
-
-    The variables are loaded in the order of option provided, overwriting the variables with the same name in the order of the ARNs.
-    Existing environment variables are preserved by default, unless `--overwrite-env` is provided.
-    """  # noqa: E501
-    console = Console(quiet=quiet, emoji=False)
-
-    command = ctx.args
-    if not command:
-        console.print("⚠️ No command provided. Exiting...")
-        raise typer.Exit(0)
-
-    # Mapping of the ARNs by index (index used for ordering)
-    map_arns_by_index = {str(idx): arn for idx, arn in enumerate(arns)}
-    if env_prefix:
-        console.print(f"🔍 Loading ARNs from environment variables with prefix: {env_prefix!r}")
-        arns_env = {
-            key.removeprefix(env_prefix): value for key, value in os.environ.items() if key.startswith(env_prefix)
-        }
-        console.print(f"🔍 Found {len(arns_env)} sources from environment variables.")
-        map_arns_by_index = arns_env | map_arns_by_index
-
-    # Briefly show the ARNs
-    table = Table("Index", "ARN")
-    for idx, arn in sorted(map_arns_by_index.items()):
-        table.add_row(idx, arn)
-
-    console.print(table)
-
-    # Retrieve the variables
-    loader = VariableLoader(dry_run=dry_run, console=console)
-    try:
-        variables = loader.load(map_arns_by_index)
-    except Exception as exc:  # noqa: BLE001
-        console.print(f"❌ Failed to load the variables: {exc!s}")
-        raise typer.Exit(1) from None
-
-    # Prepare the environment variables
-    env = os.environ.copy()
-    if overwrite_env:
-        env.update(variables)
-    else:
-        # Update variables, preserving the existing ones
-        for key, value in variables.items():
-            env.setdefault(key, str(value))
-
-    # Run the command with the variables injected as environment variables, replacing current process
-    console.print(f"🚀 Running the command: [bold orchid]{' '.join(command)}[/bold orchid]")
-    if replace:  # pragma: no cover (not coverable)
-        os.execvpe(command[0], command, env=env)  # noqa: S606
-        # The above line should never return
-
-    result = subprocess.run(command, env=env, check=False)  # noqa: S603
-    raise typer.Exit(result.returncode)
-
-
-# Type aliases for readability
-_ARN = str
-_Variables = dict[str, Any]
-
-
-class VariableLoader:  # noqa: D101
-    def __init__(self, *, console: Console | None = None, dry_run: bool) -> None:
-        """Initialize the VariableLoader.
-
-        Args:
-            dry_run: Whether to run in dry-run mode.
-            console: Rich console instance.
-        """
-        self.console = console or Console(quiet=True)
-        self.dry_run = dry_run
-
-    # TODO(lasuillard): Currently not using pagination (do we need more than 10-20 secrets or parameters each?)
-    #                   ; consider adding it if needed
-    def load(self, map_arns: dict[str, _ARN]) -> dict[str, Any]:
-        """Load the variables from the AWS Secrets Manager and SSM Parameter Store.
-
-        Each secret or parameter should be a valid dictionary, where the keys are the variable names
-        and the values are the variable values.
-
-        The items are merged in the order of the key of provided mapping, overwriting the variables with the same name
-        in the order of the keys.
-        """
-        self.console.print("🔍 Retrieving variables from AWS resources...")
-        if self.dry_run:
-            self.console.print("⚠️ Dry run mode enabled. Variables won't be loaded from AWS.")
-
-        # Split the ARNs by resource types
-        secrets_map, parameters_map = {}, {}
-        for idx, arn in map_arns.items():
-            if arn.startswith("arn:aws:secretsmanager:"):
-                secrets_map[idx] = arn
-            elif arn.startswith("arn:aws:ssm:"):
-                parameters_map[idx] = arn
-            else:
-                msg = f"Unsupported resource: {arn!r}"
-                raise ValueError(msg)
-
-        # Retrieve variables from AWS resources
-        secrets: dict[str, _Variables]
-        parameters: dict[str, _Variables]
-        if self.dry_run:
-            secrets = {idx: {} for idx, _ in secrets_map.items()}
-            parameters = {idx: {} for idx, _ in parameters_map.items()}
-        else:
-            secrets = self._retrieve_secrets(secrets_map)
-            parameters = self._retrieve_parameters(parameters_map)
-
-        self.console.print(f"✅ Retrieved {len(secrets)} secrets and {len(parameters)} parameters.")
-
-        # Merge the variables in order
-        full_variables = secrets | parameters  # Keys MUST NOT conflict
-        merged_in_order = {}
-        for _, variables in sorted(full_variables.items()):
-            merged_in_order.update(variables)
-
-        return merged_in_order
-
-    def _retrieve_secrets(self, secrets_map: dict[str, _ARN]) -> dict[str, _Variables]:
-        """Retrieve the secrets from AWS Secrets Manager."""
-        if not secrets_map:
-            return {}
-
-        secretsmanager = boto3.client("secretsmanager")
-
-        # Retrieve the secrets
-        arns = list(secrets_map.values())
-        response = secretsmanager.batch_get_secret_value(SecretIdList=arns)
-        if errors := response["Errors"]:
-            msg = f"Failed to retrieve secrets: {errors!r}"
-            raise ValueError(msg)
-
-        # Parse the secrets
-        secrets = response["SecretValues"]
-        result = {}
-        for secret in secrets:
-            arn = secret["ARN"]
-            order_key = next(key for key, value in secrets_map.items() if value == arn)
-            data = json.loads(secret["SecretString"])
-            if not isinstance(data, dict):
-                msg = f"Secret data must be a valid dictionary, but got: {type(data)!r}"
-                raise TypeError(msg)
-
-            result[order_key] = data
-
-        return result
-
-    def _retrieve_parameters(self, parameters_map: dict[str, _ARN]) -> dict[str, _Variables]:
-        """Retrieve the parameters from AWS SSM Parameter Store."""
-        if not parameters_map:
-            return {}
-
-        ssm = boto3.client("ssm")
-
-        # Retrieve the parameters
-        parameter_names = list(parameters_map.values())
-        response = ssm.get_parameters(Names=parameter_names, WithDecryption=True)
-        if errors := response["InvalidParameters"]:
-            msg = f"Failed to retrieve parameters: {errors!r}"
-            raise ValueError(msg)
-
-        # Parse the parameters
-        parameters = response["Parameters"]
-        result = {}
-        for parameter in parameters:
-            arn = parameter["ARN"]
-            order_key = next(key for key, value in parameters_map.items() if value == arn)
-            data = json.loads(parameter["Value"])
-            if not isinstance(data, dict):
-                msg = f"Parameter data must be a valid dictionary, but got: {type(data)!r}"
-                raise TypeError(msg)
-
-            result[order_key] = data
-
-        return result