mrc
Reputation: 3163
How to use boto3 without AWS Vault?
I have the following method that is working in Python:
def connect_s3_boto3():
try:
os.environ['AWS_PROFILE'] = "a9e"
s3 = boto3.resource('s3')
return s3
except:
raise
The issue is that works using ~/.aws/config:
[profile home]
aws_access_key_id=ID
aws_secret_access_key=SECRET
[profile a9e]
region=eu-west-1
role_arn=DAROLE
source_profile=home
So, I've a set of doubts. In a production environment where I want to use that method, I need to set AWS Vault? There is no other alternative? For example using IAM_ROLE as in boto2.
Upvotes: 1
Views: 2479
Answers (1)
John Rotenstein
Reputation: 269826
For code running on an Amazon EC2 instance:
- Create an IAM Role and assign appropriate permissions
- Associate the role with an Amazon EC2 instance
- Any code running on the instance that calls an AWS SDK will automatically obtain credentials associated with the role
- There is no need to put Access Key, Secret Key nor Role in the config/credentials files
See: IAM Roles for Amazon EC2 - Amazon Elastic Compute Cloud
If you are running code on a non-EC2 computer, then you will need entries in the config/credentials files. This will involve at minimum an Access Key and Secret Key associated with an IAM User. If you then wish to use an IAM Role, the code would need to AssumeRole() using those credentials.
Upvotes: 1
Related Questions
- Boto3 exception NoCredentialsError
- Verify AWS Credentials with boto3
- Programmatically establish boto3 sessions with AWS SSO
- How to use boto3 inside an EC2 instance
- Boto3 Error in AWS SDK: botocore.exceptions.NoCredentialsError: Unable to locate credentials
- Using boto3 with temporary credentials
- How to use boto3 on EC2 instance without local configuration?
- Where to put AWS credentials for Boto3 S3 instance
- Boto and Python on AWS
- Using Python Boto with AWS Support API