Boto3 will also search the ~/.aws/config
file when looking for configuration values. You can change the location of this file by setting the AWS_CONFIG_FILE
environment variable.
This file is an INI-formatted file that contains at least one section: [default]
. You can create multiple profiles (logical groups of configuration) by creating sections named [profile profile-name]
. If your profile name has spaces, you need to surround this value with quotation marks: [profile "my profile name"]
. The following are all the config variables supported in the ~/.aws/config
file.
api_versions
Specifies the API version to use for a particular AWS service.
The api_versions
settings are nested configuration values that require special formatting in the AWS configuration file. If the values are set by the AWS CLI or programmatically by an SDK, the formatting is handled automatically. If you set them by manually editing the AWS configuration file, the following is the required format. Notice the indentation of each value.
[default] region = us-east-1 api_versions = ec2 = 2015-03-01 cloudfront = 2015-09-17
aws_access_key_id
The access key to use.
aws_secret_access_key
The secret access key to use.
aws_session_token
The session token to use. This is typically needed only when using temporary credentials. Note aws_security_token
is supported for backward compatibility.
ca_bundle
The CA bundle to use. For more information, see the previous description of the AWS_CA_BUNDLE
environment variable.
credential_process
Specifies an external command to run to generate or retrieve authentication credentials. For more information, see Sourcing credentials with an external process.
credential_source
To invoke an AWS service from an Amazon EC2 instance, you can use an IAM role attached to either an EC2 instance profile or an Amazon ECS container. In such a scenario, use the credential_source
setting to specify where to find the credentials.
The credential_source
and source_profile
settings are mutually exclusive.
The following values are supported.
Ec2InstanceMetadata
Use the IAM role attached to the Amazon EC2 instance profile.
EcsContainer
Use the IAM role attached to the Amazon ECS container.
Environment
Retrieve the credentials from environment variables.
duration_seconds
The length of time in seconds of the role session. The value can range from 900 seconds (15 minutes) to the maximum session duration setting for the role. The default value is 3600 seconds (one hour).
external_id
Unique identifier to pass when making AssumeRole
calls.
metadata_service_timeout
The number of seconds before timing out when retrieving data from the instance metadata service. For more information, see the previous documentation on AWS_METADATA_SERVICE_TIMEOUT
.
metadata_service_num_attempts
The number of attempts to make before giving up when retrieving data from the instance metadata service. For more information, see the previous documentation on AWS_METADATA_SERVICE_NUM_ATTEMPTS
.
mfa_serial
Serial number of the Amazon Resource Name (ARN) of a multi-factor authentication (MFA) device to use when assuming a role.
parameter_validation
Disable parameter validation (default is true, parameters are validated). This is a Boolean value that is either true
or false
. Whenever you make an API call using a client, the parameters you provide are run through a set of validation checks, including (but not limited to) required parameters provided, type checking, no unknown parameters, minimum length checks, and so on. Typically, you should leave parameter validation enabled.
region
The default AWS Region to use, for example, us-west-1
or us-west-2
. When specifying a Region inline during client initialization, this property is named region_name
.
role_arn
The ARN of the role you want to assume.
role_session_name
The role name to use when assuming a role. If this value is not provided, a session name will be automatically generated.
web_identity_token_file
The path to a file that contains an OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. The contents of this file will be loaded and passed as the WebIdentityToken
argument to the AssumeRoleWithWebIdentity
operation.
s3
Set Amazon S3-specific configuration data. Typically, these values do not need to be set.
The s3
settings are nested configuration values that require special formatting in the AWS configuration file. If the values are set by the AWS CLI or programmatically by an SDK, the formatting is handled automatically. If you set them manually by editing the AWS configuration file, the following is the required format. Notice the indentation of each value.
[default] region = us-east-1 s3 = addressing_style = path signature_version = s3v4
addressing_style
: The S3 addressing style. When necessary, Boto automatically switches the addressing style to an appropriate value. The following values are supported.auto
(Default) Attempts to use
virtual
, but falls back topath
if necessary.path
Bucket name is included in the URI path.
virtual
Bucket name is included in the hostname.
payload_signing_enabled
: Specifies whether to include an SHA-256 checksum with Amazon Signature Version 4 payloads. Valid settings aretrue
orfalse
.For streaming uploads (
UploadPart
andPutObject
) that use HTTPS and include acontent-md5
header, this setting is disabled by default.signature_version
: The AWS signature version to use when signing requests. When necessary, Boto automatically switches the signature version to an appropriate value. The following values are recognized.s3v4
(Default) Signature Version 4
s3
(Deprecated) Signature Version 2
use_accelerate_endpoint
: Specifies whether to use the Amazon S3 Accelerate endpoint. The bucket must be enabled to use S3 Accelerate. Valid settings aretrue
orfalse
. Default:false
Either
use_accelerate_endpoint
oruse_dualstack_endpoint
can be enabled, but not both.use_dualstack_endpoint
: Specifies whether to direct all Amazon S3 requests to the dual IPv4/IPv6 endpoint for the configured Region. Valid settings aretrue
orfalse
. Default:false
Either
use_accelerate_endpoint
oruse_dualstack_endpoint
can be enabled, but not both.
source_profile
The profile name that contains credentials to use for the initial AssumeRole
call.
The credential_source
and source_profile
settings are mutually exclusive.
sts_regional_endpoints
Sets AWS STS endpoint resolution logic. This configuration can also be set using the environment variable AWS_STS_REGIONAL_ENDPOINTS
. By default, this configuration option is set to legacy
. Valid values are the following:
regional
Uses the STS endpoint that corresponds to the configured Region. For example, if the client is configured to use
us-west-2
, all calls to STS will be made to thests.us-west-2.amazonaws.com
regional endpoint instead of the globalsts.amazonaws.com
endpoint.legacy
Uses the global STS endpoint,
sts.amazonaws.com
, for the following configured Regions:ap-northeast-1
ap-south-1
ap-southeast-1
ap-southeast-2
aws-global
ca-central-1
eu-central-1
eu-north-1
eu-west-1
eu-west-2
eu-west-3
sa-east-1
us-east-1
us-east-2
us-west-1
us-west-2
All other Regions will use their respective regional endpoint.
tcp_keepalive
Toggles the TCP Keep-Alive socket option used when creating connections. By default this value is false
; TCP Keepalive will not be used when creating connections. To enable TCP Keepalive with the system default configurations, set this value to true
.
max_attempts
An integer representing the maximum number of attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. If not provided, the number of retries will default to whatever is modeled, which is typically 5 total attempts in the legacy
retry mode, and 3 in the standard
and adaptive
retry modes.
retry_mode
A string representing the type of retries Boto3 will perform. Valid values are the following:
legacy
- The preexisting retry behavior. This is the default value if no retry mode is provided.standard
- A standardized set of retry rules across the AWS SDKs. This includes a standard set of errors that are retried and support for retry quotas, which limit the number of unsuccessful retries an SDK can make. This mode will default the maximum number of attempts to 3 unless amax_attempts
is explicitly provided.adaptive
- An experimental retry mode that includes all the functionality ofstandard
mode with automatic client-side throttling. This is a provisional mode whose behavior might change.
ncG1vNJzZmian6m8dHrAppizp56WxLR6wqikaK5hZLGwr9SmnKeskam2sLqOmqeiZ5yWwaa%2F02ierqGUmnyku82foKCtopbBqrvNZ5%2BtpZw%3D