Boto3: get credentials dynamically?
It's generally a best practice to only use temporary credentials. You can get temporary credentials with STS.get_session_token
.
EDIT: As of this PR, you can access the current session credentials like so:
import boto3session = boto3.Session()credentials = session.get_credentials()# Credentials are refreshable, so accessing your access key / secret key# separately can lead to a race condition. Use this to get an actual matched# set.credentials = credentials.get_frozen_credentials()access_key = credentials.access_keysecret_key = credentials.secret_keyredshift = session.client('redshift')...
I would still recommend using temporary credentials scoped to exactly what redshift needs.
Use botocore
>>> import botocore.session>>> session = botocore.session.get_session()>>> session.get_credentials().access_key'AKIAABCDEF6RWSGI234Q'>>> session.get_credentials().secret_key'abcdefghijkl+123456789+qbcd'>>> session.get_config_variable('region')'us-east-1'
Can I suggest that accessing the keys is WRONG using boto3:
import boto3session = boto3.Session(profile_name="my-profile")dynamodb = session.resource( "dynamodb", region_name=session.region_name, # aws_access_key_id=session.get_credentials().access_key, # aws_secret_access_key=session.get_credentials().secret_key,)
Notice, I commented out accessing the keys because 1:
Any clients created from this session will use credentials from the
[my-profile]
section of~/.aws/credentials
.