S3 Examples using boto3

Boto3

Boto3 is the official AWS SDK for Python, used to create, configure, and manage AWS services.

We will provide examples of defining a resource/client in boto3 for the Weka S3 service, managing credentials, pre-signed URLs, generating secure temporary tokens, and using those to run S3 API calls.

Installation

pip install boto3

Credentials

There are many ways to set credentials in boto3, as described on the boto3 credentials page. It's worth emphasizing the Assume Role Provider method, which uses the access/secret keys to automatically generate and use the temporary security token.

Resource

Resources represent an object-oriented interface to Amazon Web Services (AWS). They provide a higher-level abstraction than the raw, low-level calls made by service clients. To use resources, you invoke the resource() method of a Session and pass in a service name:

s3 = boto3.resource('s3',
                    endpoint_url='https://weka:9000',
                    aws_access_key_id='s3_key',
                    aws_secret_access_key='s3_secret')

Client

Clients provide a low-level interface to AWS whose methods map close to 1:1 with service APIs. All service operations are supported by clients (in our case, s3 and sts)

Assume Role Example

Example code of using an access/secret key to obtain a temporary security token for the S3 service:

Pre-Signed URL Example

Example of signing on a GET request for myobject within mybucket for anonymous access:

Use the response to access the object without providing any credentials:

Pre-Signed URL with Assume Role Example

Now, let's combine the above two examples by providing a pre-signed URL from a temporary security token:

Upload/Download Example

An example of using boto3 resource to upload and download an object:

Create Bucket Example

An example for creating a bucket newbucket with a boto3 client: