AWS Automation with Python (Boto3) Basics — Part 2

Saurabh Shah
4 min readMar 26, 2020

--

In Part1 we went through Basics of Boto3 and different ways to connect AWS Services at high level. Now we will talk more about Boto3 Session, Client and Resource before Starting with AWS Automation.

Boto3 Sessions:

Session means AWS Management Console in human Terms. It’s an Ideal way to login to AWS and First Step towards writing python boto3 scripts.

dir(boto3) is a good handy way to check what available options we have:

Here is an example on How it looks Without & With Session:

#Without Sessions and Profiles
#This is Just an Example. Do not hard code credentials
ec2 = boto3.client('ec2',aws_access_key_id=xxxx,aws_secret_access_key=xxxx)
s3 = boto3.client('s3',aws_access_key_id=xxxx,aws_secret_access_key=xxxx)
#With Sessions and ProfilesSession = boto3.Session(profile_name='root')
# Any clients created from this session will use credentials
# from the [root] section of ~/.aws/credentials.
ec2 = Session.client('ec2')
s3 = Session.client('s3')

Without Sessions, we can either use Environmental Variables or hard code AWS Credentials ( which is Not Recommended ). With Custom Sessions we can store configuration state and then create service clients and resources.

Here profile_name is set as “root” Credentials. Profiles and it’s Credentials can be managed under Shared Credentials file which has default location of ~/.aws/credentials and ~/.aws/config. The shared credential file can have multiple profiles defined like below:

[default]
aws_access_key_id=foo
aws_secret_access_key=bar
[root]
aws_access_key_id=foo2
aws_secret_access_key=bar2
[user1]
aws_access_key_id=foo3
aws_secret_access_key=bar3

One more way is make profile credentials using AWS CLI is with below command:

aws configure --profile "name"

Default Sessions will use “default” profile Credentials:

# Using the default session
ec2 = boto3.client('ec2')
s3 = boto3.resource('s3')

There are couple of more advance topics on Sessions like Assume Role and STS but for now this information is good to start with.

Client and Resource:

With Client and Resource Object Methods, We can Create Particular AWS Service Console like IAM console , ec2 console, s3 console etc. from our Session Object Created Earlier. Below is an example of showing two ways to get IAM users using Client and Resource Object :

import boto3aws_console_root=boto3.session.Session(profile_name="default")iam_console_re=aws_console_root.resource('iam',region_name='eu-west-1')
iam_console_cli=aws_console_root.client('iam',region_name='us-east-1')
#Listing IAM users with resource object:print("IAM User list using Resource Object")
for each_user in iam_console_re.users.all():
print((each_user.name))
#Listing IAM users with client object:print("")
print("IAM User list using Client Object")
for each_user in iam_console_cli.list_users()['Users']:
print(each_user['UserName'])

Now Let’s understand the difference:

  1. Resource Object Method has very limited Support AWS Services to Work with. While Client Object Method has all the AWS services Available to work on. We can check by below:

2. With Client Option every Operation which we do on AWS Console can be done but with Resource Option there are limitations in the Operations we do even on its supported AWS Services.

3. What Method to use for the AWS services which are available for Both ? We can use both Options but they vary with the output they provide. With Client Option, every output is in python dictionary form so it takes some more work to filter the required details while using Resource Option is much simpler as it provides the ouptut as an Object.

To show you the difference on how output vary for both, Below is Step by Step output to get instance id using Resource Object and Client Object

So Resource Object to get Instances Id’s Seems much simpler than getting via Client Object:

References:

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/configuration.html#guide-configuration

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/clients.html

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/resources.html

Summary

Today we learnt Boto3 Session , Client and Resource and it’s examples in detail.

Next Articles of boto3 will Focus on :

  • AWS Automation and lambda Functions
  • Coming soon…check the space for AWS Devops Blogs

Thank-you for Spending your time and Reading this blog. Please Share if you feel it’s worth. Happy Learning!

--

--

Saurabh Shah

DevOps Engineer Sr. working primarily with DevOps, CI/CD, Amazon Web Services, Automation, VMware & Networking.