CODEWITHSUNDEEP
pythonamazon-web-servicesboto
naga4ce
naga4ce

Reputation: 1575

How to validate Amazon access key and secret key is correct?

I wrote a function to validate the AWS keys by just creating the ec2 connection object

import boto.ec2
try:
    ec2Conn = boto.ec2.connect_to_region(region, aws_access_key_id=access_key, aws_secret_access_key=secret_key)
    return ec2Conn
except boto.exception.EC2ResponseError as e:
    print e

But even if the secret key is wrong still it creates the ec2 connection object.

So I validate the access key and secret key by fetching the regions,

region = ec2Conn.get_all_regions()

Is there any method or way rather than the fetching region to validate the access key and secret key?

Upvotes: 9

Views: 12813

Answers (2)

Pranav Joglekar
Pranav Joglekar

Reputation: 747

get_all_regions() works, but like @Paradigm suggested in a comment. The GetCallerIdentity is the right call to make.

Reference:

https://docs.aws.amazon.com/STS/latest/APIReference/API_GetCallerIdentity.html https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/STS.html

Upvotes: 1

garnaat
garnaat

Reputation: 45856

The only way to verify AWS credentials is to actually use them to sign a request and see if it works. You are correct that simply creating the connection object tells you nothing because it doesn't perform a request. So you have to pick some request that should always work, won't return a huge amount of data, and doesn't create any resources on the server side. I think the get_all_regions() request is a pretty good choice.

Upvotes: 12

Related Questions