[AWS Python] Configuration

You can access Amazon web services through the Management Console, AWS CLI, or AWS SDK. Boto3 is the AWS SDK for python.

Preparing the System

To use the Boto3, you need to install the following components.

• AWS CLI https://aws.amazon.com/cli/
• Python 3 https://www.python.org/downloads/

> python --version

> aws --version

Optionally you can setup the Python virtual environment in you working folder.

> python -m venv c:\path\to\myenv

And then, you can install boto3. https://pypi.org/project/boto3/

> pip show boto3

> pip install boto3

Configuring AWS CLI

The next step is to configure AWS CLI credentials and settings.

You can use the “aws configure” command to set the following settings.

• Access Key Id
• Secret Access Key
• Region
• Output

PS C:\WINDOWS\system32> aws configure
AWS Access Key ID [None]: AKIA4YIWYIEUHUTTN5DY
AWS Secret Access Key [None]: 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
Default region name [None]: us-east-1
Default output format [None]: json

The configuration is saved in the %UserProfile% in Windows and $HOME or ~ (tilde) in Unix-based systems.

~/.aws/credentials

[default]
aws_access_key_id = AKIA4YIWYIEUHUTTN5DY
aws_secret_access_key = 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

~/.aws/config

[default]
region = us-east-1
output = json 

You can check the current configuration using the “aws configure list” command.

PS C:\WINDOWS\system32> aws configure list
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************N5DY shared-credentials-file
secret_key     ****************jvvU shared-credentials-file
    region                us-east-1      config-file    ~/.aws/config

Accessing AWS using Python SDK

It is pretty easy to access AWS resources using Boto3 library.

https://aws.amazon.com/sdk-for-python/

• Boto3 is built on top of the library called Botocore, which provides the low-level session, configuration, and credentials.
• Boto3 provides the high-level session and the collection of resources.
• Boto3 client sends requests to service APIs using Botocore and AWS CLI.

Boto3 Client & Resource

Boto3 enables you to call AWS APIs using Python code. You can access most APIs through clients or resources.

Client

• A client provides low-level service access – requires more programming in general.
• Typically, a client-call maps 1:1 with the API, which gives you more control of an API call.
• A client uses the snake-case method names. 
  • ListBuckets ->list_buckets()
• In general, a client returns a dictionary that must be parsed.

Resource

• A resource provides high-level, object-oriented service access.
• In general, a resource returns the parsed data.
• You can get a client object by calling .meta.client

(Example) Getting the list of S3 buckets

import boto3

s3 = boto3.client('s3')
buckets = s3.list_buckets().get('Buckets')
for bucket in buckets:
    print(bucket['Name'])

import boto3

s3 = boto3.resource('s3')
for bucket in s3.buckets.all():
    print(bucket.name)

Configuring Credentials

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html

Python SDK Examples

• Creating a new EC2 instance and Getting the list of EC2 instances

import boto3
 
ec2 = boto3.client('ec2')
response = ec2.run_instances(
  ImageId='ami-0cff7528ff583bf9a',
  InstanceType='t2.micro',
  KeyName='my-aws-key',
  MinCount=1,
  MaxCount=1
)

print(response)

ec2 = boto3.resource('ec2')
for instance in ec2.instances.all():
    print(instance)

• Getting the caller identity using AWS STS(Security Token Service)

import boto3

sts = boto3.client('sts')
identity = sts.get_caller_identity()
print(identity)