Best practice for boto3 / AWS user profiles?

I will be using AWS SQS service for my application.

Locally, I have a couple of different user profiles set up with the AWS CLI. What is best practice for doing the same on Python Anywhere? Do I install the AWS CLI there and create profiles? The keys get stored in a plain text configuration file.

Or should I reference the keys from a config file for my application somehow?

Any security concerns I should be aware of?

Installing the AWS CLI on PythonAnywhere may be a little heavyweight just to create a profile. If the keys are stored in a text file, just create the profile locally and then upload the file so that you can use it.

I would guess that boto3 needs the keys to be provided to it. Check the docs to see how you need to do that.

As for security, make sure you do not place the key file anywhere where it could be made public. That is, make sure your web app cannot serve it as a static file accidentally and make sure that it is not in a place where you might commit it to a remote git instance or anything like that.

Thanks!

I was under the impression that boto3 required the AWS CLI to be installed. Guess not. Digging through some Stack Overflow articles, it looks like this init code should work fine in case anyone else needs it. No AWS CLI needed to push an item to SQS.

import boto3
client = boto3.client('sqs', aws_access_key_id='<your id>', aws_secret_access_key='<your key>', region_name='<your region>')

Just a word of warning relating to best practices here: Do not put your keys literally in that code. Set them in the environment and get them from there or read them from a file that is excluded from git or something like that. If you commit that code to a public repository (or a private one that you later make public), they will be available to the world.
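
An added example (not code from any post in this thread) of the advice above: take the SQS keys from the environment, otherwise from a key file that is rejected if it sits inside the project tree or is readable by other users. The function names and the INI layout of the key file (`aws_access_key_id`, `aws_secret_access_key`, `region` under a profile section) are assumptions made for this example; the environment variable names are the ones boto3 itself reads.

```python
import configparser
import os
import stat
from pathlib import Path

# Real variable names that boto3 also reads from the environment.
ENV_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_DEFAULT_REGION")


def check_key_file(path, project_dir):
    """Return a list of problems with where and how the key file is stored."""
    path, project_dir = Path(path).resolve(), Path(project_dir).resolve()
    problems = []
    # Inside the project tree it can be committed to git or served as static.
    if project_dir in path.parents:
        problems.append("key file is inside the project tree")
    # Any group/other permission bit means other accounts can reach it.
    if stat.S_IMODE(path.stat().st_mode) & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("key file is accessible to group/other; chmod 600 it")
    return problems


def load_sqs_settings(env, key_file=None, project_dir=".", profile="default"):
    """Prefer the environment; fall back to an INI key file outside the repo."""
    if all(env.get(k) for k in ENV_KEYS):
        return {"aws_access_key_id": env[ENV_KEYS[0]],
                "aws_secret_access_key": env[ENV_KEYS[1]],
                "region_name": env[ENV_KEYS[2]]}
    if key_file is None:
        raise RuntimeError("no AWS keys in the environment and no key file given")
    problems = check_key_file(key_file, project_dir)
    if problems:
        raise PermissionError("; ".join(problems))
    cfg = configparser.ConfigParser()
    cfg.read(key_file)
    section = cfg[profile]  # hypothetical layout, see the lead-in
    return {"aws_access_key_id": section["aws_access_key_id"],
            "aws_secret_access_key": section["aws_secret_access_key"],
            "region_name": section["region"]}


def make_sqs_client(env=os.environ, **kwargs):
    """Build the SQS client without any key appearing in source code."""
    import boto3  # imported here so the helpers above work without boto3
    return boto3.client("sqs", **load_sqs_settings(env, **kwargs))
```
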