P y t h o n , B o t o 3 , a n d G e t t i n g - - PowerPoint PPT Presentation

p y t h o n b o t o 3 a n d g e t t i n g t h i n g s d o
SMART_READER_LITE
LIVE PREVIEW

P y t h o n , B o t o 3 , a n d G e t t i n g - - PowerPoint PPT Presentation

Jul 06, 2023 199 likes •421 views

S n a k e s o n a C l o u d P y t h o n , B o t o 3 , a n d G e t t i n g T h i n g s D o n e We l c o m e B u f f a l o P y t h o n i s t a s ryansb@redhat.com Ryan Scott Brown

slide-1
SLIDE 1

S n a k e s

  • n

a C l

  • u

d P y t h

  • n

, B

  • t
  • 3

, a n d G e t t i n g T h i n g s D

  • n

e

slide-2
SLIDE 2

We l c

  • m

e B u f f a l

  • P

y t h

  • n

i s t a s

ryansb@redhat.com @ryan_sb Ryan Scott Brown Senior Software Engineer Ansible by Red Hat

slide-3
SLIDE 3

A g e n d a

  • Setup & Basics
  • Talking to Instances
  • In-Application Use
  • Ops, Automation, and Hacking the Planet
  • Testing (if there’s time)
slide-4
SLIDE 4

S e t u p

  • Installing
  • Credentials/Profiles
  • Hello World
slide-5
SLIDE 5

I n s t a l l i n g

pip install boto3 pip install awscli #optional aws configure --profile testbed #optional

slide-6
SLIDE 6

C r e d e n t i a l s

# ~/.aws/credentials [testbed] aws_access_key_id = AKIA… aws_secret_access_key = Jhw…

slide-7
SLIDE 7

C r e d e n t i a l S

  • u

r c e s

  • Instance roles
  • Environment variables
  • Access/Secret key pair
  • Access + secret + session using STS
  • Credentials files
  • Assuming cross-account roles
slide-8
SLIDE 8

I n s t a n c e R

  • l

e s

Your Instance AWS Backplane GET http://169.254.169.254/…./credentials Key ID+Secret+Session Token+TTL

slide-9
SLIDE 9

C r

  • s

s

  • A

c c

  • u

n t R

  • l

e s

Your Client IAM API AssumeRole arn:aws:….:SuperAdmin Key ID + Secret Key ID+Secret+Session Token+TTL

slide-10
SLIDE 10

H e l l

  • Wo

r l d

aws s3 ls

slide-11
SLIDE 11

H e l l

  • Wo

r l d

>>> import boto3 >>> s3 = boto3.client(‘s3’) >>> print(s3.list_buckets())

slide-12
SLIDE 12

S e s s i

  • n

s

  • Typically 1 is plenty
  • If you have multi-region or user requirements, these

handle it well

  • `session.client(‘service’)` works instead of the default

`boto3.client(‘service’)`

slide-13
SLIDE 13

S 3 D e m

  • N
  • t

e b

  • k

Download notebook file Browser-friendly results

slide-14
SLIDE 14

C l i e n t s v s . R e s

  • u

r c e s

  • Clients are lower-level and usually map 1:1 with APIs
  • Resources are built around first-class objects
  • Services always have clients, sometimes have resources
  • DynamoDB, S3, CloudFormation, and others have both
slide-15
SLIDE 15

H i g h L e v e l S e r v i c e s

  • App-level services like DynamoDB + S3
  • Accept user uploads
  • Generate pre-signed URLs
  • Store and query key-value data
slide-16
SLIDE 16

D y n a m

  • D

B D e m

  • N
  • t

e b

  • k

Download Notebook File Browser-friendly results

slide-17
SLIDE 17

C

  • n

n e c t i n g t h e P l a n e t

  • What if you combined dataviz with infra data?
  • Networkx (graph handling library) can export visual graphs

b

slide-18
SLIDE 18

E C 2 D e m

  • N
  • t

e b

  • k

Download notebook file Browser-friendly results

slide-19
SLIDE 19

H a c k i n g t h e P l a n e t

  • Python can be used in combination with other tools
  • Have a bunch of CloudFormation? No problem

– https://github.com/ryansb/yesterdaytabase

  • Ansible? Make a module!
  • Chef/Puppet? Mix user-data+boto3+Chef Solo/OpsWorks
slide-20
SLIDE 20

E x t e n d i n g C l

  • u

d F

  • r

m a t i

  • n
  • AWS Lambda can be used for custom resources

– https://github.com/ryansb/acm-certs-cloudformation – https://github.com/ryansb/cfn-wrapper-python

  • Expose Custom::YourThing interface to templates
  • Anything boto3 supports, you can add to CloudFormation
slide-21
SLIDE 21

Q u e s t i

  • n

T i m e !