Skip to main content

Cloud

Securely Interacting with AWS Services Using Boto3 API

Programmer Working With Program Code

In today’s cloud-centric world, AWS (Amazon Web Services) stands out as a leading provider of scalable and reliable cloud services. Python’s Boto3 library is a powerful tool that allows developers to interact with AWS services programmatically. However, ensuring secure interactions is crucial to protect sensitive data and maintain the integrity of your applications.

Main objective of this blog is to explain how we can interact with different AWS services in a secure way. In this blog, I explained how we can create a session object from AWS credentials (keys and secret keys) which we are fetching from OS environment variables and use session object to interact with AWS services.

Setting Up Python, Boto3 API, AWS and VS Code Editor

Python

You could ensure if Python installed in your system/server by running “python –version” command. We can run same command in any operating system either that is Windows, Linux/Unix or MacOS. if python not installed, then we need to install it first before moving forward.

You can download and install the python from its official page Download Python | Python.org

VS Code

I am using VS Code editor tool for developing the boto3 Api code, so we also need to ensure few things in code editor.

  1. We need to install Python extension for Visual Studio Code which integrate and offer support for IntelliSense (Pylance), debugging (Python Debugger), formatting, linting, code navigation, refactoring, variable explorer, test explorer, and many more.

1

  1. We also need to ensure if python version showing on right bottom bar when writing in python file. this will be available once we setup the python properly in our system.

2

Boto3

Once python and VS Code setup done then we need to install the python boto3 package from command “pip install boto3”.

  • boto3 package will not be recognize and give error during execution until we install it. see in given screenshot where you can see yellow underline under boto3.

3

  • To run this command in VS Code editor, we can open terminal from Terminal >> New Terminal and run this command there. you can see the installation in below screenshot where few other dependent packages also installed along with boto3 package. later it was also asking me to upgrade pip (python package manager), so I run that command as well.

4

  • Now we are ready with boto3 api

AWS

Configure your AWS credentials using the AWS CLI or by setting environment variables.

Securely Managing AWS Credentials

Managing AWS credentials securely is the first step in ensuring secure interactions with AWS services. There is two way we can use to interact with different AWS services.

  1. Environment Variables: Store your AWS credentials in environment variables instead of hardcoding them in your scripts.
import os
import boto3

aws_access_key = os.getenv('AWS_ACCESS_KEY_ID')
aws_secret_key = os.getenv('AWS_SECRET_ACCESS_KEY')

session = boto3.Session(
    aws_access_key_id=aws_access_key,
    aws_secret_access_key=aws_secret_key
)
  1. IAM Roles: Use IAM roles for EC2 instances to avoid storing credentials on the instance.
session = boto3.Session()
s3 = session.resource('s3')

Different AWS Services Interaction with boto3 API

Let’s explore how to interact with some common AWS services securely.

Amazon S3

Amazon S3 is a widely used storage service. Here’s how to securely interact with S3 using Boto3.

  1. Uploading Files
import os
import boto3

aws_access_key = os.getenv('aws_access_key_id')
aws_secret_key = os.getenv('aws_secret_access_key')
session = boto3.Session( aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key )

s3 = session.resource('s3')
bucket_name = 'sachinsinghfirstbucket'
file_path = 'temp/first.txt'
s3.Bucket(bucket_name).upload_file(file_path, 'first.txt')

5

6

  1. Downloading Files
import os
import boto3

aws_access_key = os.getenv('aws_access_key_id')
aws_secret_key = os.getenv('aws_secret_access_key')
session = boto3.Session( aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key )

s3 = session.resource('s3')
bucket_name = 'sachinsinghfirstbucket'
file_path = 'temp/first_copy.txt'
s3.Bucket(bucket_name).download_file('first.txt', file_path)

7

Amazon EC2

Amazon EC2 provides scalable computing capacity. Here’s how to manage EC2 instances securely.

  1. Launching an Instance
import os
import boto3

aws_access_key = os.getenv('aws_access_key_id')
aws_secret_key = os.getenv('aws_secret_access_key')
session = boto3.Session( aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key )

ec2 = session.resource('ec2')
instance = ec2.create_instances(
    ImageId='ami-07b69f62c1d38b012',
    MinCount=1,
    MaxCount=1,
    InstanceType='t2.micro'
)

8

9

  1. Stopping an Instance
import os
import boto3

aws_access_key = os.getenv('aws_access_key_id')
aws_secret_key = os.getenv('aws_secret_access_key')
session = boto3.Session( aws_access_key_id=aws_access_key, aws_secret_access_key=aws_secret_key )

instance_id = 'i-00ab4568503979da4'
ec2 = session.resource('ec2')
ec2.Instance(instance_id).stop()

10

11

For Other Services

You can go through other services and detailed documentation here Boto3 1.35.91 documentation

Best Practices for Secure Boto3 Interactions

  1. Use Least Privilege: Ensure that your IAM policies grant the minimum permissions required for your tasks.

  2. Rotate Credentials Regularly: Regularly rotate your AWS credentials to reduce the risk of compromise.

  3. Enable Logging and Monitoring: Use AWS CloudTrail and CloudWatch to monitor and log API calls for auditing and troubleshooting.

Interacting with AWS services using Boto3 is powerful and flexible, but security should always be a top priority. By following best practices and leveraging AWS’s security features, you can ensure that your applications remain secure and resilient.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Sachin Singh

Sachin is a Lead Technical Consultant - Cloud & DevOps here at Perficient. He leveraged his 13+ years of experience and AWS certification to design, implement, and optimize cloud-based solutions for various clients and projects. Sachin is passionate about using cloud platforms and related technologies to solve problems in an effective and creative manner, and to deliver high-quality and scalable products and services. He also has extensive knowledge and skills in infrastructure development, serverless, microservice, CI/CD, Docker, Terraform, Kubernetes, SaaS, multi-tenancy, SSO, and scripting capabilities in Python, Windows PowerShell and Unix shell scripts. Sachin also has experience in enterprise architecture, application virtualization, Atlassian products, and agile project management. He enjoys working with a dynamic and collaborative team and is always aiming to keep up with the cutting edge of technologies and enhance my professional skills.

More from this Author

Categories
Follow Us