Configuration - Boto3 1.34.74 documentation

Posted by Sebrina Pilcher on Saturday, June 8, 2024

Boto3 will also search the ~/.aws/config file when looking for configuration values. You can change the location of this file by setting the AWS_CONFIG_FILE environment variable.

This file is an INI-formatted file that contains at least one section: [default]. You can create multiple profiles (logical groups of configuration) by creating sections named [profile profile-name]. If your profile name has spaces, you need to surround this value with quotation marks: [profile "my profile name"]. The following are all the config variables supported in the ~/.aws/config file.

api_versions

Specifies the API version to use for a particular AWS service.

The api_versions settings are nested configuration values that require special formatting in the AWS configuration file. If the values are set by the AWS CLI or programmatically by an SDK, the formatting is handled automatically. If you set them by manually editing the AWS configuration file, the following is the required format. Notice the indentation of each value.

[default]
region = us-east-1
api_versions =
    ec2 = 2015-03-01
    cloudfront = 2015-09-17

aws_access_key_id

The access key to use.

aws_secret_access_key

The secret access key to use.

aws_session_token

The session token to use. This is typically needed only when using temporary credentials. Note that aws_security_token is supported for backward compatibility.

ca_bundle

The CA bundle to use. For more information, see the previous description of the AWS_CA_BUNDLE environment variable.

credential_process

Specifies an external command to run to generate or retrieve authentication credentials. For more information, see Sourcing credentials with an external process.

credential_source

To invoke an AWS service from an Amazon EC2 instance, you can use an IAM role attached to either an EC2 instance profile or an Amazon ECS container. In such a scenario, use the credential_source setting to specify where to find the credentials.

The credential_source and source_profile settings are mutually exclusive.

The following values are supported.

Ec2InstanceMetadata

Use the IAM role attached to the Amazon EC2 instance profile.

EcsContainer

Use the IAM role attached to the Amazon ECS container.

Environment

Retrieve the credentials from environment variables.

duration_seconds

The length of time in seconds of the role session. The value can range from 900 seconds (15 minutes) to the maximum session duration setting for the role. The default value is 3600 seconds (one hour).

external_id

Unique identifier to pass when making AssumeRole calls.

metadata_service_timeout

The number of seconds before timing out when retrieving data from the instance metadata service. For more information, see the previous documentation on AWS_METADATA_SERVICE_TIMEOUT.

metadata_service_num_attempts

The number of attempts to make before giving up when retrieving data from the instance metadata service. For more information, see the previous documentation on AWS_METADATA_SERVICE_NUM_ATTEMPTS.

mfa_serial

The serial number or Amazon Resource Name (ARN) of a multi-factor authentication (MFA) device to use when assuming a role.

parameter_validation

Controls parameter validation; set it to false to disable validation (default is true, parameters are validated). This is a Boolean value that is either true or false. Whenever you make an API call using a client, the parameters you provide are run through a set of validation checks, including (but not limited to) required parameters provided, type checking, no unknown parameters, minimum length checks, and so on. Typically, you should leave parameter validation enabled.

region

The default AWS Region to use, for example, us-west-1 or us-west-2. When specifying a Region inline during client initialization, this property is named region_name.

role_arn

The ARN of the role you want to assume.

role_session_name

The role session name to use when assuming a role. If this value is not provided, a session name will be automatically generated.

web_identity_token_file

The path to a file that contains an OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. The contents of this file will be loaded and passed as the WebIdentityToken argument to the AssumeRoleWithWebIdentity operation.

s3

Set Amazon S3-specific configuration data. Typically, these values do not need to be set.

The s3 settings are nested configuration values that require special formatting in the AWS configuration file. If the values are set by the AWS CLI or programmatically by an SDK, the formatting is handled automatically. If you set them manually by editing the AWS configuration file, the following is the required format. Notice the indentation of each value.

[default]
region = us-east-1
s3 =
    addressing_style = path
    signature_version = s3v4

  • addressing_style: The S3 addressing style. When necessary, Boto automatically switches the addressing style to an appropriate value. The following values are supported.

    auto

    (Default) Attempts to use virtual, but falls back to path if necessary.

    path

    Bucket name is included in the URI path.

    virtual

    Bucket name is included in the hostname.

  • payload_signing_enabled: Specifies whether to include an SHA-256 checksum with Amazon Signature Version 4 payloads. Valid settings are true or false.

    For streaming uploads (UploadPart and PutObject) that use HTTPS and include a content-md5 header, this setting is disabled by default.

  • signature_version: The AWS signature version to use when signing requests. When necessary, Boto automatically switches the signature version to an appropriate value. The following values are recognized.

    s3v4

    (Default) Signature Version 4

    s3

    (Deprecated) Signature Version 2

  • use_accelerate_endpoint: Specifies whether to use the Amazon S3 Accelerate endpoint. The bucket must be enabled to use S3 Accelerate. Valid settings are true or false. Default: false

    Either use_accelerate_endpoint or use_dualstack_endpoint can be enabled, but not both.

  • use_dualstack_endpoint: Specifies whether to direct all Amazon S3 requests to the dual IPv4/IPv6 endpoint for the configured Region. Valid settings are true or false. Default: false

    Either use_accelerate_endpoint or use_dualstack_endpoint can be enabled, but not both.

source_profile

The profile name that contains credentials to use for the initial AssumeRole call.

The credential_source and source_profile settings are mutually exclusive.
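
The following is an added example, not part of the Boto3 documentation or code base: a small auditor that parses a config file in the format described above and flags combinations this page calls out (credential_source together with source_profile, the deprecated s3 signature version, both S3 endpoint options enabled, duration_seconds under 900), plus a secret key stored without a session token. The sample config, profile names, role ARNs, key placeholders and the helper names nested and audit_config are constructed for illustration.

```python
import configparser
# Constructed sample ~/.aws/config contents (not from the original page).
SAMPLE_CONFIG = """\
[default]
aws_access_key_id = EXAMPLE-ACCESS-KEY-ID
aws_secret_access_key = constructed-placeholder-secret
s3 =
    signature_version = s3
    use_accelerate_endpoint = true
    use_dualstack_endpoint = true

[profile audit]
role_arn = arn:aws:iam::111122223333:role/constructed-audit-role
source_profile = default
credential_source = Ec2InstanceMetadata
duration_seconds = 600

[profile "ok profile"]
role_arn = arn:aws:iam::111122223333:role/constructed-read-role
credential_source = Ec2InstanceMetadata
"""

def nested(value):
    """Parse an indented nested block (the s3 / api_versions format) into a dict."""
    pairs = (line.split("=", 1) for line in value.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def audit_config(text):
    """Return (section, finding) tuples for settings documented on this page."""
    parser = configparser.RawConfigParser()  # raw: no % interpolation of values
    parser.read_string(text)
    findings = []
    for name in parser.sections():
        sec = parser[name]
        if "aws_secret_access_key" in sec and "aws_session_token" not in sec:
            findings.append((name, "secret key without session token (long-lived credential)"))
        if "credential_source" in sec and "source_profile" in sec:
            findings.append((name, "credential_source and source_profile are mutually exclusive"))
        if "duration_seconds" in sec and int(sec["duration_seconds"]) < 900:
            findings.append((name, "duration_seconds below the 900-second minimum"))
        s3 = nested(sec.get("s3", ""))  # indented lines arrive as one multi-line value
        if s3.get("signature_version") == "s3":
            findings.append((name, "deprecated Signature Version 2 for S3"))
        if s3.get("use_accelerate_endpoint") == "true" == s3.get("use_dualstack_endpoint"):
            findings.append((name, "accelerate and dualstack endpoints both enabled"))
    return findings

if __name__ == "__main__":
    print(*audit_config(SAMPLE_CONFIG), sep="\n")
```

To audit a real file, pass its text to audit_config, for example the contents of the path named by AWS_CONFIG_FILE or ~/.aws/config.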

sts_regional_endpoints

Sets AWS STS endpoint resolution logic. This configuration can also be set using the environment variable AWS_STS_REGIONAL_ENDPOINTS. By default, this configuration option is set to legacy. Valid values are the following:

  • regional

    Uses the STS endpoint that corresponds to the configured Region. For example, if the client is configured to use us-west-2, all calls to STS will be made to the sts.us-west-2.amazonaws.com regional endpoint instead of the global sts.amazonaws.com endpoint.

  • legacy

    Uses the global STS endpoint, sts.amazonaws.com, for the following configured Regions:

    • ap-northeast-1

    • ap-south-1

    • ap-southeast-1

    • ap-southeast-2

    • aws-global

    • ca-central-1

    • eu-central-1

    • eu-north-1

    • eu-west-1

    • eu-west-2

    • eu-west-3

    • sa-east-1

    • us-east-1

    • us-east-2

    • us-west-1

    • us-west-2

    All other Regions will use their respective regional endpoint.

tcp_keepalive

Toggles the TCP Keep-Alive socket option used when creating connections. By default this value is false; TCP Keepalive will not be used when creating connections. To enable TCP Keepalive with the system default configurations, set this value to true.

max_attempts

An integer representing the maximum number of attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. If not provided, the number of retries will default to whatever is modeled, which is typically 5 total attempts in the legacy retry mode, and 3 in the standard and adaptive retry modes.

retry_mode

A string representing the type of retries Boto3 will perform. Valid values are the following:

  • legacy - The preexisting retry behavior. This is the default value if no retry mode is provided.

  • standard - A standardized set of retry rules across the AWS SDKs. This includes a standard set of errors that are retried and support for retry quotas, which limit the number of unsuccessful retries an SDK can make. This mode will default the maximum number of attempts to 3 unless a max_attempts is explicitly provided.

  • adaptive - An experimental retry mode that includes all the functionality of standard mode with automatic client-side throttling. This is a provisional mode whose behavior might change.
