0

I've used boto to interact with S3 with with no problems, but now I'm attempting to connect to the AWS Support API to pull back info on open tickets, trusted advisor results, etc. It seems that the boto library has different connect methods for each AWS service? For example, with S3 it is:

conn = S3Connection(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)

According to the boto docs, the following should work to connect to AWS Support API:

>>> from boto.support.connection import SupportConnection
>>> conn = SupportConnection('<aws access key>', '<aws secret key>')

However, there are a few problems I see after digging through the source code. First, boto.support.connection doesn't actually exist. boto.connection does, but it doesn't contain a class SupportConnection. boto.support.layer1 exists, and DOES have the class SupportConnection, but it doesn't accept key arguments as the docs suggest. Instead it takes 1 argument - an AWSQueryConnection object. That class is defined in boto.connection. AWSQueryConnection takes 1 argument - an AWSAuthConnection object, class also defined in boto.connection. Lastly, AWSAuthConnection takes a generic object, with requirements defined in init as:

class AWSAuthConnection(object):
    def __init__(self, host, aws_access_key_id=None,
                 aws_secret_access_key=None,
                 is_secure=True, port=None, proxy=None, proxy_port=None,
                 proxy_user=None, proxy_pass=None, debug=0,
                 https_connection_factory=None, path='/',
                 provider='aws', security_token=None,
                 suppress_consec_slashes=True,
                 validate_certs=True, profile_name=None):

So, for kicks, I tried creating an AWSAuthConnection by passing keys, followed by AWSQueryConnection(awsauth), followed by SupportConnection(awsquery), with no luck. This was inside a script.

Last item of interest is that, with my keys defined in a .boto file in my home directory, and running python interpreter from the command line, I can make a direct import and call to SupportConnection() (no arguments) and it works. It clearly is picking up my keys from the .boto file and consuming them but I haven't analyzed every line of source code to understand how, and frankly, I'm hoping to avoid doing that.

Long story short, I'm hoping someone has some familiarity with boto and connecting to AWS API's other than S3 (the bulk of material that exists via google) to help me troubleshoot further.

Improve this question
1
  • Somehow similar question with some tips: stackoverflow.com/a/21345540/346478 . In general, credentials are managed the same way for S3 and other services. Commented Jul 8, 2014 at 7:15

1 Answer 1

Reset to default
2

This should work:

import boto.support
conn = boto.support.connect_to_region('us-east-1')

This assumes you have credentials in your boto config file or in an IAM Role. If you want to pass explicit credentials, do this:

import boto.support
conn = boto.support.connect_to_region('us-east-1', aws_access_key_id="<access key>", aws_secret_access_key="<secret key>")

This basic incantation should work for all services in all regions. Just import the correct module (e.g. boto.support or boto.ec2 or boto.s3 or whatever) and then call it's connect_to_region method, supplying the name of the region you want as a parameter.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks - can you elaborate on how / where the keys get passed to AWS? On my local machine the .boto file works, but what about if I move code to a prod server where I need to pass keys in via env variables, or even as arguments to a constructor?
Yea, that did it, thanks! The boto docs must be a bit dated. boto.readthedocs.org/en/latest/support_tut.html leads with the approach I tried, although it does reference a "shortcut" a little further down that is essentially what you provided here. Even then though, it isn't obvious that I can pass the keys into connect_to_region(), so I probably would have been here posting about that anyway. Thanks!
@David Better to use an IAM role when launching your prod server than to store keys explicitly on the server. Boto will automatically make use of temporary, rotated credentials.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.