Praneeth Sai

Reputation: 1571

Unable to locate credentials while making a connection with DB using boto3

I want to make a connection to my database and retrieve data. I am currently using an AWS Amazon Linux 2 instance. I used boto3 to connect.

import json

import boto3
from flask_sqlalchemy import SQLAlchemy

# `application` is the Flask app object, created elsewhere in the project.


def db_conn():
    secret_id = 'XXXXXXXXXXXXXXXX'
    # Default to None so the check below works when no SecretString comes back.
    Secret_Json = None
    try:
        client = boto3.client('secretsmanager', region_name="ap-southeast-2")
        get_secret_value_response = client.get_secret_value(SecretId=secret_id)
    except Exception as e:
        raise e
    else:
        if 'SecretString' in get_secret_value_response:
            Secret_Json = json.loads(get_secret_value_response['SecretString'])
    if Secret_Json is None:
        print("secret string is null")
        exit()
    # Build the SQLAlchemy URI from the fields stored in the secret.
    driver = 'postgresql+psycopg2://'
    db_user = Secret_Json['username']
    db_pw = Secret_Json['password']
    db_address_port_db = Secret_Json['host'] + \
                         ':' + \
                         str(Secret_Json['port']) + \
                         '/' + \
                         Secret_Json['dbInstanceIdentifier']
    application.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
    application.config['SQLALCHEMY_DATABASE_URI'] = driver + db_user + ':' + db_pw + '@' + db_address_port_db
    db = SQLAlchemy(application)
    return db

I face an error saying no credentials were found:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 316, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 622, in _make_api_call
    operation_model, request_dict, request_context)
  File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 641, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
  File "/usr/local/lib/python3.7/site-packages/botocore/endpoint.py", line 102, in make_request
    return self._send_request(request_dict, operation_model)
  File "/usr/local/lib/python3.7/site-packages/botocore/endpoint.py", line 132, in _send_request
    request = self.create_request(request_dict, operation_model)
  File "/usr/local/lib/python3.7/site-packages/botocore/endpoint.py", line 116, in create_request
    operation_name=operation_model.name)
  File "/usr/local/lib/python3.7/site-packages/botocore/hooks.py", line 356, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/botocore/hooks.py", line 228, in emit
    return self._emit(event_name, kwargs)
  File "/usr/local/lib/python3.7/site-packages/botocore/hooks.py", line 211, in _emit
    response = handler(**kwargs)
  File "/usr/local/lib/python3.7/site-packages/botocore/signers.py", line 90, in handler
    return self.sign(operation_name, request)
  File "/usr/local/lib/python3.7/site-packages/botocore/signers.py", line 160, in sign
    auth.add_auth(request)
  File "/usr/local/lib/python3.7/site-packages/botocore/auth.py", line 357, in add_auth
    raise NoCredentialsError
botocore.exceptions.NoCredentialsError: Unable to locate credentials

Please help me with what to do to solve this.

Upvotes: 0

Views: 457

Answers (1)

Marcin

Reputation: 238975

You have to assign an IAM role to your instance with the required permissions.

Boto3 will use the permissions from the role to get access to your resources, such as Secrets Manager.

The role could include, for example, an inline policy to read from Secrets Manager:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "<arn-of-your-secret>"
        }
    ]
}

If you use KMS for encrypting your secret, KMS permissions may also be required.

Upvotes: 1
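
A check to run on the instance after attaching the role, added here as an example and not part of the question or the answer above: it reports which provider boto3 resolved its credentials from, so you can confirm the instance role is in use. `credential_report`, `FakeCreds` and `FakeSession` are names made up for this example; the region is the one from the question.

```python
"""Report where boto3 found its credentials (added example, not from the post)."""

# Provider names botocore records on the resolved credentials object
# for role-based, automatically rotated credentials.
ROLE_METHODS = {"iam-role", "container-role"}


def credential_report(session):
    """Return (ok, message) describing the credentials `session` resolved.

    `session` is a boto3.Session, or any object with get_credentials().
    """
    creds = session.get_credentials()
    if creds is None:
        # Same condition that makes the API call raise NoCredentialsError.
        return (False, "no credentials found: attach an IAM role "
                       "(instance profile) to the EC2 instance")
    method = getattr(creds, "method", "unknown")
    if method in ROLE_METHODS:
        return (True, f"using temporary role credentials via '{method}'")
    # Env vars, ~/.aws/credentials, etc. work, but they take precedence over
    # the instance role because they come earlier in boto3's lookup order.
    return (True, f"using '{method}' credentials, not the instance role")


class FakeCreds:
    """Constructed stand-in for botocore credentials, for offline checks."""
    def __init__(self, method):
        self.method = method


class FakeSession:
    """Constructed stand-in for boto3.Session, for offline checks."""
    def __init__(self, creds):
        self._creds = creds

    def get_credentials(self):
        return self._creds


if __name__ == "__main__":
    import boto3  # imported here so the helpers above load without it
    ok, msg = credential_report(boto3.Session())
    print(msg)
    if ok:
        sts = boto3.client("sts", region_name="ap-southeast-2")
        print("caller:", sts.get_caller_identity()["Arn"])
```

With the role attached and no static keys configured, the printed caller ARN is an `assumed-role` identity for the instance's role.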
