Introduction to Boto3, the AWS SDK for Python

Over the past year and a half, I have become very familar with boto3 which is the open-source SDK for Amazon's AWS resources. It's complicated in many ways, and, like AWS in general, there are always gotchas that will strike you when you least expect it. But it is a robust, rich SDK, including everything the AWS API has to offer, allowing you to do a lot of automation and interaction with the rich panoply of AWS.

I'm going to write a few blog entries about boto3, particularly as it relates to specific AWS resources I've used a lot (like DynamoDB, S3, and EC2.) This blog entry is going to be a basic overview, and a place for you to get started.

Basically, you need python and pip installed, and you need credentials to access your AWS resources. You generate those credentials by creating a new IAM user in the AWS control panel, and using the access and secret keys from that user. You create a credentials file, which boto3 reads. (See this page for a quick start.)

One warning - because these credentials are going to sit in plain text on your server or your user directory, be very careful with the permissions you give this user, and who has access to that file. Potentially, someone who had that information could compromise your entire AWS setup, depending on the permissions of the user. (So, for instance, if you have this installed on your laptop, and your laptop gets stolen, among the many things you're going to need to do will be to deactivate those credentials in IAM.)

An example, if you are writing a script that is just going to process local files and write them to S3, create an IAM user with limited permissions to just S3, and no other resources. IAM users and AWS permissions are far outside of the scope of this article - but you should get super familiar with these concepts.

Boto3 is written on top of botocore which is a low-level interface to the AWS API. Botocore is the basis for the AWS-CLI which is also written in python.

And although boto3 contains a lot of great ojects and methods that make it a lot easier to use than botocore, I've learned that you need yet another level of abstraction in order to really make it easy to write code where you don't repeat yourself when accessing AWS resources. So be prepared to write some separate modules. I'll give some examples when I do a deep dive into using boto3 for specific AWS functions.

links

social