Python boto3 で認証情報を指定するメモ

ども、かっぱです。ぼちぼちやってます。

tl;dr

適切な IAM Role が適用されていない環境で boto3 を使う際に避けては通れない（はず）の認証情報を指定する方法をメモっておく。
尚、ソースコード内に認証情報を書くのはよろしく無いので、あくまでも検証、動作確認用途に限定しましょう。

参考

• https://boto3.readthedocs.io/en/latest/guide/configuration.html
• https://boto3.readthedocs.io/en/latest/guide/configuration.html#best-practices-for-configuring-credentials
• http://boto3.readthedocs.io/en/latest/guide/session.html
• http://qiita.com/inouet/items/f9723d7ae7d8d134280b

有難うございましたmm

memo

~/.aws/credentials

$ cat ~/.aws/credentials

[oreno-profile]
aws_access_key_id = xxxxxxxxxxxxxxxxxxxx
aws_secret_access_key = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

ACCESS_KEY と SECRET_ACCESS_KEY を使う場合

import boto3

s3 = boto3.client('s3',
                  aws_access_key_id='xxxxxxxxxxxxxxxxxxxx',
                  aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy',
                  region_name='ap-northeast-1')
print s3.list_buckets().__class__.__name__

もしくは…

from boto3.session import Session

session = Session(aws_access_key_id='xxxxxxxxxxxxxxxxxxxx',
                  aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy',
                  region_name='ap-northeast-1')

s3 = session.client('s3')
print s3.list_buckets().__class__.__name__

profile 名を指定する場合

from boto3.session import Session

session = Session(profile_name='oreno-profile')
s3 = session.client('s3')
print s3.list_buckets().__class__.__name__

実行例

#
# ACCESS_KEY と SECRET_ACCESS_KEY をベタ書き（出来るだけ避けたい例）
#
$ python
Python 2.7.12 (default, Sep  3 2016, 08:17:12)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> 
>>> import boto3
>>> s3 = boto3.client('s3',
...                   aws_access_key_id='xxxxxxxxxxxxxxxxxxxxx',
...                   aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy',
...                   region_name='ap-northeast-1')
>>> print s3.list_buckets().__class__.__name__
dict

#
# 環境変数を利用する（苦肉の策）
#
$ AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxx
$ AWS_SECRET_ACCESS_KEY=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
$ python
Python 2.7.12 (default, Sep  3 2016, 08:17:12)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> import boto3
>>> import os
>>> s3 = boto3.client('s3',
...                   aws_access_key_id=os.getenv('AWS_ACCESS_KEY_ID'),
...                   aws_secret_access_key=os.getenv('AWS_SECRET_ACCESS_KEY'),
...                   region_name='ap-northeast-1')
>>> print s3.list_buckets().__class__.__name__
dict

#
# session クラスを使って ACCESS_KEY と SECRET_ACCESS_KEY をベタ書き（出来るだけ避けたい例）
#
$ python
Python 2.7.12 (default, Sep  3 2016, 08:17:12)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> from boto3.session import Session
>>>
>>> session = Session(aws_access_key_id='xxxxxxxxxxxxxxxxxxxxx',
...                   aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy',
...                   region_name='ap-northeast-1')
>>> s3 = session.client('s3')
>>> print s3.list_buckets().__class__.__name__
dict

#
# session クラスを使って ~/.aws/credentials の profile 名を指定する例
#
$ python
Python 2.7.12 (default, Sep  3 2016, 08:17:12)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> from boto3.session import Session
>>> session = Session(profile_name='oreno-profile')
>>> s3 = session.client('s3')
>>> print s3.list_buckets().__class__.__name__
dict

以上

メモでした。

元記事はこちら

「Python boto3 で認証情報を指定するメモ」