4

In my python code I need to extract AWS credentials AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID which are stored in the plain text file as described here: https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html

I know the name of the file: AWS_SHARED_CREDENTIALS_FILE and the name of profile: AWS_PROFILE.

My current approach is to read and parse this file in python by myself to get AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID.

But I hope there is already standard way to get it using boto3 or some other library. Please suggest.

user3440012
  • 171
  • 2
  • 12
  • 1
    Is there a reason you are parsing this manually rather than using something like `session = boto3.Session(profile_name='dev'` as [described here](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html)? – Mark Jun 24 '22 at 02:08
  • Mark, I need to invoke Hive script from Python and pass AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID to it as hiveconfig – user3440012 Jun 24 '22 at 04:12
  • 1
    Yeah, may be easier to parse the file. FWIW, the session object has a `get_credentials()` method. So `session.get_credentials().access_key` and `session.get_credentials().secret_key` do what you would expect. – Mark Jun 24 '22 at 04:40

2 Answers2

3

Would something like this work for you, or am I misunderstanding the question? Basically start a session for the appropriate profile (or the default, I guess), and then query those values from the credentials object:

    session = boto3.Session(profile_name=<...your-profile...>)
    credentials = session.get_credentials()
    print("AWS_ACCESS_KEY_ID = {}".format(credentials.access_key))
    print("AWS_SECRET_ACCESS_KEY = {}".format(credentials.secret_key))
    print("AWS_SESSION_TOKEN = {}".format(credentials.token))
Erwin
  • 844
  • 4
  • 14
2

As far as I understand, the AWS credentials file uses a standard INI file format. You can utilize configparser to parse the file easily. Please refer to: https://docs.python.org/3/library/configparser.html.

For boto3, if you put it in standard areas, it will load automagically.

Boto3 will look in several locations when searching for credentials. The mechanism in which Boto3 looks for credentials is to search through a list of possible locations and stop as soon as it finds credentials. The order in which Boto3 searches for credentials is:

  1. Passing credentials as parameters in the boto.client() method Passing
  2. credentials as parameters when creating a Session object
  3. Environment variables
  4. Shared credential file (~/.aws/credentials)
  5. AWS config file (~/.aws/config)
  6. Assume Role provider
  7. Boto2 config file (/etc/boto.cfg and ~/.boto)
  8. Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

Reference: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html

PressingOnAlways
  • 11,948
  • 6
  • 32
  • 59
  • I need to invoke Hive script from Python and pass AWS_SECRET_ACCESS_KEY and AWS_ACCESS_KEY_ID to it as hiveconf – user3440012 Jun 24 '22 at 04:15