Boto3 concepts you need to know before you start working on it : Session, Client, Resource
Hi amazing people out there, today we are going to discuss some basic requirements we must know to proceed with using Boto3
What is Boto3?
As per official documentation, Boto is the Amazon Web Services (AWS) SDK for Python. It enables Python developers to create, configure, and manage AWS services, such as EC2 and S3. Boto provides an easy to use, object-oriented API, as well as low-level access to AWS services.
Prerequisites to start working with Boto3
- AWS account (Free tier account will also suffice)
- Basic knowledge on AWS services and Python
Installation prerequisites
Enter below command in your terminal
pip3 install boto3
We need to set our programmatic access keys in .aws so that we can connect to our AWS resources using them through the Python scripts. Below are the steps to get your programmatic access keys:
- Login to AWS console(for now as a root-user)
- After login, go to 'My Security Credentials' as shown in below image:
- Click on 'create a new access key' as shown in image below(for now we are creating access keys for root user, but this is not ideal practice, we should create IAM users for particular purpose, in upcoming points we will discuss on creating IAM users and getting their respective access keys):
- After creating the access keys download the csv file containing credentials. We will need these credentials for setting in our .aws folder, but before that let's see how to create a IAM user with particular permissions which are needed for particular operation.
- For creating the IAM user go to users section in IAM console as shown below:
- Click on 'add user'
- For demo purpose I am creating user which will be able to perform all actions related to s3 bucket and here I am giving only programmatic access.
Click on 'Next:Permissions'
Select from existing policies and I am giving a S3 full access to perform all the operations in S3 bucket, this way we can decide what all permissions are needed for particular user without risking our application with unnecessary elevated access.
- After creating the user you will see the credentials as shown below or you can download the csv file.
Now we are done with creating IAM user and also got the programmatic access keys for both s3 and root user, now let's focus on setting these credentials in our local machine inside .aws folder.
- Install awscli using pip3
pip3 install awscli
- Configure root/IAM user access credentials using:
aws configure --profile <profile-name>
- You can see below that I have configured the downloaded credentials from AWS console locally which gave us privilege to access the AWS resources for both root and s3_user:
Now let's take a look at core concepts of boto3:
- Session
- Client
- Resource
- Meta
- Collections
- Waiters
- Paginators
I will cover the Session, Client and Resources concepts in this article.
Session
A session stores configuration state and allows you to create service client and resources
In simpler words we can say that session acts as a management console of AWS which we see after logging in.
There are two types of sessions: default and custom
Default session : Boto3 acts as a proxy to the default session. This session can be used if you have a default aws profile set in your local machine. This will be created if you do the 'aws configure' without providing any profile name, then the set credentials will be assigned to a default profile.
import boto3 s3_resource = boto3.resource('s3') s3_client = boto3.client('s3')
- Custom session : Manage your own session and create low-level clients or resource clients from it.
import boto3 my_session = boto3.session.Session(profile_name='s3_user') s3_resource = my_session.resource('s3') s3_client = my_session.client('s3')
Client and Resource
Boto3 does call AWS APIs on your behalf. There are two distinct ways to access these APIs.
- Client : low-level service access and all services provided from AWS can be accessed using client. Below are the available operations using client for 's3':
You can also see these operations on official documentation link in detail: boto3.amazonaws.com/v1/documentation/api/la..
- Resource. : higher-level object-oriented service access and all services provided from AWS are not available. Below are the available operations using resource for 's3':
You can also see these operations on official documentation link in detail: boto3.amazonaws.com/v1/documentation/api/la..
From above available operations we can infer that client has all the methods to perform various operations, while resource has limited options. You can choose them based on your requirement.
Now you are well equipped to run some basic tasks from boto3. Remaining concepts I will cover in another article . Do visit the gayatri.hashnode.dev/boto3-concepts-you-nee.. to get more hold on basic concepts.