Yohei's Daily Diligence XP

It's all good, right?

Notes on specifying credentials in Python boto3

Hi, Kappa here. Getting along, bit by bit.

tl;dr

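These are notes on how to specify credentials, something you (presumably) cannot avoid when using boto3 in an environment where an appropriate IAM Role is not applied.

Writing credentials in source code is not a good idea, so limit this strictly to verification and testing.

References

Thank you very much mm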

memo

~/.aws/credentials

$ cat ~/.aws/credentials

[oreno-profile]
aws_access_key_id = xxxxxxxxxxxxxxxxxxxx
aws_secret_access_key = yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

Using ACCESS_KEY and SECRET_ACCESS_KEY

import boto3

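# Keys passed directly as arguments (verification only; avoid in real code)
s3 = boto3.client('s3',
                  aws_access_key_id='xxxxxxxxxxxxxxxxxxxx',
                  aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy',
                  region_name='ap-northeast-1')
# list_buckets() returns a dict; print() works on both Python 2 and 3
print(s3.list_buckets().__class__.__name__)

Or...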

from boto3.session import Session

# Same keys, but held by a Session that can create several clients
session = Session(aws_access_key_id='xxxxxxxxxxxxxxxxxxxx',
                  aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy',
                  region_name='ap-northeast-1')

s3 = session.client('s3')
print(s3.list_buckets().__class__.__name__)

Specifying a profile name

from boto3.session import Session

# Keys are read from the [oreno-profile] section of ~/.aws/credentials
session = Session(profile_name='oreno-profile')
s3 = session.client('s3')
print(s3.list_buckets().__class__.__name__)

Example runs

#
# Hard-coding ACCESS_KEY and SECRET_ACCESS_KEY (an example to avoid where possible)
#
$ python
Python 2.7.12 (default, Sep  3 2016, 08:17:12)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> 
>>> import boto3
>>> s3 = boto3.client('s3',
...                   aws_access_key_id='xxxxxxxxxxxxxxxxxxxxx',
...                   aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy',
...                   region_name='ap-northeast-1')
>>> print s3.list_buckets().__class__.__name__
dict

#
# Using environment variables (a last resort)
#
$ export AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxxxxxxxx
$ export AWS_SECRET_ACCESS_KEY=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
$ python
Python 2.7.12 (default, Sep  3 2016, 08:17:12)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> import boto3
>>> import os
>>> s3 = boto3.client('s3',
...                   aws_access_key_id=os.getenv('AWS_ACCESS_KEY_ID'),
...                   aws_secret_access_key=os.getenv('AWS_SECRET_ACCESS_KEY'),
...                   region_name='ap-northeast-1')
>>> print s3.list_buckets().__class__.__name__
dict

#
# Hard-coding ACCESS_KEY and SECRET_ACCESS_KEY using the Session class (an example to avoid where possible)
#
$ python
Python 2.7.12 (default, Sep  3 2016, 08:17:12)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> 
>>> from boto3.session import Session
>>>
>>> session = Session(aws_access_key_id='xxxxxxxxxxxxxxxxxxxxx',
...                   aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy',
...                   region_name='ap-northeast-1')
>>> s3 = session.client('s3')
>>> print s3.list_buckets().__class__.__name__
dict

#
# Specifying a profile name from ~/.aws/credentials using the Session class
#
$ python
Python 2.7.12 (default, Sep  3 2016, 08:17:12)
[GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> 
>>> from boto3.session import Session
>>> session = Session(profile_name='oreno-profile')
>>> s3 = session.client('s3')
>>> print s3.list_buckets().__class__.__name__
dict
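
A check for the pattern this memo warns about, as an added example (not code from the original post): it uses Python 3's ast module to flag string literals passed as aws_access_key_id / aws_secret_access_key, while leaving os.getenv(...) and profile_name alone. The function names and the sample source are constructed for illustration, and the scanned source is assumed to parse as Python 3 (so no Python 2 print statements).

```python
import ast

# Keyword arguments that carry AWS secrets in boto3 client/Session calls.
SECRET_KWARGS = {"aws_access_key_id", "aws_secret_access_key", "aws_session_token"}


def callee_name(func):
    """Render the called name, e.g. 'boto3.client' or 'Session'."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
    return ".".join(reversed(parts))


def find_hardcoded_credentials(source):
    """Return sorted (line, callee, kwarg) for string literals passed as credentials."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            # Only literal strings are reported; os.getenv(...) or a variable is a Call/Name node.
            if (kw.arg in SECRET_KWARGS and isinstance(kw.value, ast.Constant)
                    and isinstance(kw.value.value, str)):
                findings.append((kw.value.lineno, callee_name(node.func), kw.arg))
    return sorted(findings)


# Constructed sample input modelled on the snippets in this memo.
SAMPLE = '''\
import os
import boto3
from boto3.session import Session

s3 = boto3.client('s3',
                  aws_access_key_id='xxxxxxxxxxxxxxxxxxxx',
                  aws_secret_access_key='yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy')
env = boto3.client('s3',
                   aws_access_key_id=os.getenv('AWS_ACCESS_KEY_ID'),
                   aws_secret_access_key=os.getenv('AWS_SECRET_ACCESS_KEY'))
session = Session(profile_name='oreno-profile')
'''

if __name__ == "__main__":
    for line, callee, kwarg in find_hardcoded_credentials(SAMPLE):
        print("line %d: %s(%s=<string literal>)" % (line, callee, kwarg))
```

Run over a repository before committing, a non-empty result means a key is about to be stored with the code.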

That's all

Just a memo.