aws authentication permalink

configuring credentials permalink

pypyr-aws pretty much just uses the underlying boto3 authentication mechanisms. More info here:

This means any of the following will work. The authentication settings lookup order is as follows:

IAM credentials when inside AWS permalink

If you are running inside of AWS - on EC2 or inside an ECS container, it will automatically use IAM role credentials if it does not find credentials in any of the other places listed below.

set clientArgs in pypyr context permalink

In the pypyr context

        aws_access_key_id: ACCESS_KEY
        aws_secret_access_key: SECRET_KEY
        aws_session_token: SESSION_TOKEN

Remember that you can use text {substitution} formatting expressions to set these values dynamically.

environment variables permalink

You can set the following $ENV variables:


credentials file permalink

  • Credentials file at ~/.aws/credentials or ~/.aws/config

    • If you have the aws-cli installed, run aws configure to get these configured for you automatically.
On dev boxes I generally don't bother with credentials, because chances are pretty good that I have the aws-cli installed already anyway, so pypyr will just re-use the aws shared configuration files that are there anyway.

Ensure secrets stay secret permalink

Be safe! Don’t hard-code your aws credentials. Don’t check credentials into a public repo. 😱

If you’re running pypyr inside of aws - e.g in an ec2 instance or an ecs container that is running under an IAM role, you don’t actually need explicitly to configure credentials for pypyr-aws.

Do remember not to fling your key & secret around as shell arguments - it could very easily leak that way into logs or expose via a ps. I generally use one of the pypyr built-in context parsers like pypyr.parser.jsonfile or pypyr.parser.yamlfile, see pypyr built-in context parsers.

Do remember also that $ENV variables are not a particularly secure place to keep your secrets.

last updated on .