How to specify Credentials when connecting to AWS services using Boto3

boto3 aws
Reading Time: 3 minutes

Hello Readers! As we know AWS has become a leader in cloud computing. We have different ways of automating AWS services nowadays. One of the ways is python scripting with Boto3. Boto3 is the name of the python open source SDK for Amazon Web Services. So, for doing this we need to give AWS Credentials in boto3. In this blog we will see how many ways we can specify our credentials using boto3.

Prerequisites:

We have some prerequisites that we need first:

  1. You must have installed Python3 on your system.
  2. You must have installed Boto3 on your system. Do prefer this blog for the setup of Boto3: https://blog.knoldus.com/introduction-to-boto3-and-its-installation/
  3. Generate your AWS security credentials.

Ways to specify Credentials are:

1. Environment Variables

This approach is useful for security purposes. You can easily share your code on GitHub or you can also give it to some person without any worries about exposing your user credentials. But you cannot use this method if you have multiple AWS users and you want to switch your roles.

Here I will give you an example of os variables how you can use it. Firstly you need to export your variable as shown below:

export AWS_ACCESS_KEY=<paste your access key>
export AWS_SECRET_KEY=<paste your secret key>

After exporting you can easily use your credentials like:

import os

ec2 = boto3.client('ec2',
                   aws_access_key_id=os.environ.get('AWS_ACCESS_KEY'),
                   aws_secret_access_key = os.environ.get('AWS_SECRET_KEY'),
                   region_name="ap-south-1")

2. By using AWS Config File:

For using the AWS config file you must have aws configured on your system. Install AWS CLI and Configure it. If you want to check if you have configured it or not, you can check it like this.

AWS credentials using boto3

The AWS credentials will be stored in ~/.aws/credentials and the content will look like below:

[default]
aws_access_key_id=<your_access_key_id>;
aws_secret_access_key=<your_secret_access_key>;

You can use credentials from AWS credentials file by using below parameters:

For access key id use : settings.AWS_SERVER_PUBLIC_KEY

For secret key id use : settings.AWS_SERVER_SECRET_KEY

You can use credentials like these in your program if you want to create a session or client. Use this code to create a boto3 client:

s3_client = boto3.client('s3',
aws_access_key_id=settings.AWS_SERVER_PUBLIC_KEY,
aws_secret_access_key=settings.AWS_SERVER_SECRET_KEY,
region_name=REGION_NAME
)

3. Fetching Credentials dynamically:

I hope you all are well aware of creating boto3 sessions and clients with credentials. If you want to read the credentials again from the boto3 session then use the get_credentials( ) method. You can get access_key id using the .access_key attribute and secret key using the .secret_key attribute.

Use following sample of code for reading the credentials again:

import botocore.session
session = botocore.session.get_session()
print(session.get_credentials().access_key)
print(session.get_credentials().secret_key)

In your output you will find your credentials:

<your_access_key_id>
<your_secret_access_key>

4. Passing Credentials as Parameters:

This is the easiest way to use your credentials. By using this method we simply pass our access key and secret access to boto3 as a parameter while creating a service, client or resource. As in this method we pass our credentials as hard coded string So, this method is not recommended. 

import boto3
client = boto3.client(
    's3',
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_KEY,
    aws_session_token=SESSION_TOKEN,
)

If you are using this approach it is not safe as anyone can easily see your key. If you are pushing this code to your github then anyone can easily fetch your credentials and use your AWS credentials. So before using this method be aware of this.

Conclusion

Thank you for sticking to the end. In this blog we have seen different ways to specify our credentials in boto3.If you like this blog, please do show your appreciation by giving thumbs ups and share this blog and give me suggestions on how I can improve my future posts to suit your needs. 

HAPPY LEARNING!

knoldus

Written by 

Naincy Kumari is a DevOps Consultant at Knoldus Inc. She is always ready to learn new technologies and tools. She loves painting and dancing.