Skip to content Skip to sidebar Skip to footer
Home / Amazon Web Services / Boto3 / Python 3.x

Boto3: Get Credentials Dynamically?

Post a Comment
I am struggling to find out how I can get my aws_access_key_id and aws_secret_access_key dynamically from my code. In boto2 I could do the following: boto.config.get_value('Creden

Solution 1:

It's generally a best practice to only use temporary credentials. You can get temporary credentials with STS.get_session_token.

EDIT: As of this PR, you can access the current session credentials like so:

import boto3

session = boto3.Session()
credentials = session.get_credentials()

# Credentials are refreshable, so accessing your access key / secret key# separately can lead to a race condition. Use this to get an actual matched# set.
credentials = credentials.get_frozen_credentials()
access_key = credentials.access_key
secret_key = credentials.secret_key

redshift = session.client('redshift')
...

I would still recommend using temporary credentials scoped to exactly what redshift needs.

Solution 2:

Use botocore

>>>import botocore.session>>>session = botocore.session.get_session()>>>session.get_credentials().access_key
'AKIAABCDEF6RWSGI234Q'

>>>session.get_credentials().secret_key
'abcdefghijkl+123456789+qbcd'

>>>session.get_config_variable('region')
'us-east-1'

Solution 3:

Can I suggest that accessing the keys is WRONG using boto3: 

import boto3
session = boto3.Session(profile_name="my-profile")

dynamodb = session.resource(
    "dynamodb",
    region_name=session.region_name,
    # aws_access_key_id=session.get_credentials().access_key,# aws_secret_access_key=session.get_credentials().secret_key,
)

Notice, I commented out accessing the keys because :

Any clients created from this session will use credentials from the [my-profile] section of ~/.aws/credentials.

Post a Comment for "Boto3: Get Credentials Dynamically?"