Get started with AWS. Create an IAM user. Installing the Boto3 SDK and Sample Python Code

Before I start my story about the process, I want to note that I am not acting as a specialist in the field of Amazon services, but as a developer who had to deal with technology at the moment, and unfortunately, there was no time to deal with a rather cumbersome control panel in detail . The guide is suitable for those who have not yet encountered AWS, but would like to try it for their personal projects, or learn about the technologies themselves. We will walk you through the creation of a simple IAM user, the necessary configuration for work, and a simple example of working with the Boto3 library.

Step One (Creating an IAM User)

Amazon recommends that you don’t connect with the root user to avoid security nuisances, but instead, it recommends that you create an IAM user and give it specific permissions.

First of all, after registering on the service, you need to open the menu in the upper right corner, and select the section Security Credentials:

Required Security credentials section

Required Security credentials section

Next, on the page that opens, you must select the section Access management -> Users:

Required Users section

Required Users section

Great, we ended up on a page that displays a list of already created users.
The next step is to click on the button Add users:

You must click on the Add users button

You must click on the Add users button

We ended up on the page for creating an IAM user. After the username has been specified, we are prompted to select a user type. I chose the second option because I didn’t have time to explore the additional Identity Center service to set up and manage users. The next step is to create a password for the user, on the same page:

It is still advisable to choose the first option.

It is still advisable to choose the first option.

The next, and no less important step is setting up access. I chose the third option because I don’t have user groups configured, and I don’t want to copy the settings of a previously created user:

Choose Attach polices directly

Choose Attach polices directly

Below we select the necessary policy depending on the service with which we will work. I remind you that in our case we are considering S3. Again, since I don’t need to write detailed policies for the user, I choose full access.

Choose AmazonS3FullAccess

Choose AmazonS3FullAccess

Pay attention to the button Create policy. In this article, I will not consider this possibility. However, you can adjust the policy json file for yourself by setting up the account as flexible as possible to perform all sorts of tasks with Amazon services.

Next, you need to confirm the creation of the user, and we again find ourselves in the Users section, where we can observe a new account in the list of available IAM users. Click on your username to go to the account management section. We will be interested security credentials.

Choose Security Credentials

Choose Security Credentials

Pay attention to the section access keys, which is below. This is the next thing we need to do. We will need these keys to interact with Amazon services.

Feel free to click on create access key

Feel free to click on create access key

Among the many options, I chose the second one, since I will use these keys in the .env file. Choose the option that suits your needs.

Choose the most suitable option for you

Choose the most suitable option for you

Be sure to save the secret keys and make sure that they remain safe and sound, because without them access to services through the API is impossible.

Don't lose!

Don’t lose!

Congratulations! We have completed the first stage, a little more!

Step Two ( Create S3 Bucket)

After the user has been created, we will create a bucket in which our files will be stored. To do this, go to the S3 section, which you can easily find in the search bar of the site.

The process is not complicated, much more intuitive than creating a user. Most importantly, pay attention to the region in which you will create the bucket. It will need to be specified when configuring your account (read the next section):

Click Create bucket

Click Create bucket

If you are not an “advanced” user, leave all the settings unchanged so as not to screw up, and everything worked for sure (just be sure to pay attention to the region). And now we move on to the last stage of preparation.

Step Three (Amazon CLI and Boto3 SDK)

The AWS Command Line Interface (AWS CLI) is a single tool for managing AWS services. In our case, it is required in order to add our Security Cretentials and access Amazon services. You can install Amazon CLI by link from GitHub. I use venv so I install like this:

$ python -m pip install awscli

So far, we are only interested in one command in the terminal:

$ aws configure
AWS Access Key ID: MYACCESSKEY
AWS Secret Access Key: MYSECRETKEY
Default region name [us-west-2]: us-west-2
Default output format [None]: json

As you can see from the output. When you run the aws configure command, the service asks for the same secret data that we created for the IAM user. The data will automatically be pulled into ~/.aws/credentials or in %UserProfile%\.aws/credentialsif you are a Windows user.

Also, you can specify this data in the .env file if you are not using Amazon’s AWS Toolkit extensions.

AWS_ACCESS_KEY_ID="YOUR_ACCESS_KEY_ID"
AWS_SECRET_ACCESS_KEY="YOUR_SECRET_ACCESS_KEY"
AWS_DEFAULT_REGION="us-west-2"

There are many more configuration options, but if necessary, you can consider them yourself. In the meantime, we will install Boto3:

pip install boto3

Voila! We have completed the necessary configuration steps, and now we can safely start writing code. Below, I will give an example of using the boto3 library:

import os
from dotenv import load_dotenv
import boto3

# С помощью библиотеки python-dotenv загружаем данные из .env файла
load_dotenv()

aws_access_id = os.environ.get("AWS_ACCESS_KEY_ID")
aws_secret_key = os.environ.get("AWS_SECRET_ACCESS_KEY")

# Далее, нам необходимо создать клиента. Подробнее об этом после примера.
client = boto3.client("s3",
                      aws_access_key_id=aws_access_id,
                      aws_secret_access_key=aws_secret_key)


# Хардкодно указанная директория, только для примера, не рекомендую так делать
path = "../new-topics/new-bot/datatopics/simple"

# Проходим по всем файлам на пути, который мы указали,
# и загружаем файлы с расширением ".txt" в наш с вами bucket
for file in os.listdir(path):
    if ".txt" in file:
        file_path = os.path.join(path, file)
        upload_file_bucket = "bucket-example"
        # Если в бакете есть папка "text", файлы будут загружены туда,
        # в противном случае можно оставить только str(file)
        upload_file_key = "text/" + str(file)
        # Непосредственно загружаем
        client.upload_file(file_path,
                           upload_file_bucket,
                           upload_file_key)

Files uploaded successfully!

A few words about creating a client. Amazon offers the ability to use the API at a low level, using a client, and at a higher resource. You can read more about this in the specialized documentation for Boto3.

Summarize

We have completed a simple setup of an IAM user to work with AWS resources, carried out the necessary installation and configuration, and also analyzed a simple example of using boto3.

Conveniently, the library allows you to work with almost all AWS resources without switching between tools, which increases the speed of development. And the Session object (read the documentation) allows you to configure the configuration for several services at once, if there is a need to connect different DBs to your service.

Thank you for your attention!

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *