Python AWS Boto3 Tutorial

Photo by AltumCode on Unsplash

Python AWS Boto3 Tutorial

Boto3 is the name of the Python SDK for AWS. It allows you to directly create, update, and delete AWS resources from your Python scripts. If you are familiar with AWS, you can use boto3 to automate your tasks and save time and effort.

Some of the use cases of boto3 are:

  • Launching and managing EC2 instances

  • Creating and uploading files to S3 buckets

  • Sending emails using SES

  • Invoking Lambda functions

  • Querying data from DynamoDB

  • And many more!

In this tutorial, we will learn how to set up boto3, and how to use it to create an EC2 instance, an S3 bucket, and a security group.

Setting Up Boto3

Before you can start using Boto3, you need to set up your AWS credentials and install the Boto3 library. Follow these steps to get started:

  1. Install Boto3: You can install Boto3 using pip:

     pip install boto3
    
  2. AWS Credentials: You need to configure your AWS credentials. Boto3 will use these credentials to authenticate your requests. You can do this by using the AWS Command Line Interface (CLI) and running aws configure. Alternatively, you can manually create an AWS credentials and config file in your home directory (~/.aws/) with your access key, secret key, and preferred region.

  3. Import Boto3: In your Python script or interactive session, you need to import the Boto3 library:

     import boto3
    

With Boto3 installed and your AWS credentials set up, you're ready to interact with AWS services using Python.

Creating an EC2 instance

An EC2 instance is a virtual machine that runs on AWS. You can use boto3 to create and launch an EC2 instance with a few lines of code.

First, you need to import the boto3 module and create a client object for the EC2 service:

PythonAI-generated code. Review and use carefully. More info on FAQ.

import boto3
ec2 = boto3.client('ec2')

Next, you need to specify the parameters for your EC2 instance, such as the image ID, the instance type, the key pair name, and the security group ID. You can find the image ID of the AMI (Amazon Machine Image) you want to use from the AWS console or the [AWS documentation]. The instance type determines the CPU, memory, storage, and network capacity of your instance. You can find the list of available instance types [here]. The key pair name is the name of the SSH key pair that you want to use to connect to your instance. You can create and download a key pair from the AWS console or use an existing one. The security group ID is the ID of the security group that you want to associate with your instance. A security group is a set of rules that control the inbound and outbound traffic to your instance. You can create a security group from the AWS console or use an existing one.

For example, the following code creates an EC2 instance with the following parameters:

  • Image ID: ami-0f5ee92e2d63afc18(Ubuntu 22.04 LTS)

  • Instance type: t2.micro (1 vCPU, 1 GB RAM, EBS storage)

  • Key pair name: my-key-pair

  • Security group ID: sg-0a1b2c3d4e5f6g7h8

response = ec2.run_instances(
    ImageId='ami-0cda377a1b884a1bc',
    InstanceType='t2.micro',
    KeyName='my-key-pair',
    SecurityGroupIds=['sg-0a1b2c3d4e5f6g7h8'],
    MinCount=1,
    MaxCount=1
)

The run_instances method returns a response object that contains information about the instance that was created, such as the instance ID, the state, the public IP address, and the tags. You can access these attributes by using the dot notation or the dictionary notation. For example, to get the instance ID, you can use either response['Instances'][0]['InstanceId'] or response.Instances[0].InstanceId.

You can also use the describe_instances method to get more information about your instance, such as the launch time, the availability zone, the private IP address, and the metadata. For example, to get the launch time of your instance, you can use the following code:

instance_id = response.Instances[0].InstanceId
response = ec2.describe_instances(InstanceIds=[instance_id])
launch_time = response['Reservations'][0]['Instances'][0]['LaunchTime']

You can use the terminate_instances method to terminate your instance when you are done with it. This will stop and delete your instance and release the resources associated with it. For example, to terminate your instance, you can use the following code:

ec2.terminate_instances(InstanceIds=[instance_id])

Creating an S3 bucket

An S3 bucket is a container for storing objects in AWS. An object is a file that can have any content and size. You can use boto3 to create and manage S3 buckets and objects.

First, you need to import the boto3 module and create a resource object for the S3 service:

import boto3
s3 = boto3.resource('s3')

Next, you need to specify the name and the region for your S3 bucket. The name must be globally unique and follow the [S3 naming rules]. The region must be the same as the region of your EC2 instance, or else you will incur additional data transfer charges.

For example, the following code creates an S3 bucket with the name my-bucket-123 and the region ap-south-1:

bucket_name = 'my-bucket-123'
bucket_region = 'ap-south-1'
s3.create_bucket(
    Bucket=bucket_name,
    CreateBucketConfiguration={
        'LocationConstraint': bucket_region
    }
)

The create_bucket method returns a bucket object that represents the S3 bucket that was created. You can use this object to perform various operations on the bucket, such as uploading, downloading, deleting, and listing objects.

For example, the following code uploads a file named hello.txt from your local directory to the S3 bucket:

bucket = s3.Bucket(bucket_name)
bucket.upload_file('hello.txt', 'hello.txt')

The upload_file method takes two arguments: the source file name and the destination key name. The key name is the identifier of the object in the S3 bucket. You can use any string as the key name, but it is recommended to use a hierarchical structure with slashes (/) to organize your objects.

You can also use the download_file method to download an object from the S3 bucket to your local directory:

bucket.download_file('hello.txt', 'hello.txt')

The download_file method takes two arguments: the source key name and the destination file name.

You can use the delete_objects method to delete one or more objects from the S3 bucket:

bucket.delete_objects(
    Delete={
        'Objects': [
            {'Key': 'hello.txt'}
        ]
    }
)

The delete_objects method takes a dictionary as an argument, which contains a list of objects to delete. Each object is represented by a dictionary with a key named Key, which is the key name of the object.

You can use the objects attribute of the bucket object to get an iterator over all the objects in the S3 bucket:

for obj in bucket.objects.all():
    print(obj.key, obj.size, obj.last_modified)

The objects attribute returns an object summary iterator, which yields object summary objects. Each object summary object has attributes such as key, size, and last_modified, which provides information about the object.

You can use the delete method of the bucket object to delete the S3 bucket when you are done with it. This will delete the bucket and all the objects in it. For example, to delete the bucket, you can use the following code:

bucket.delete()

Creating a security group

A security group is a set of rules that control the inbound and outbound traffic to your EC2 instance. You can use boto3 to create and modify security groups.

First, you need to import the boto3 module and create a client object for the EC2 service:

import boto3
ec2 = boto3.client('ec2')

Next, you need to specify the name and the description for your security group. You also need to specify the VPC ID of the VPC (Virtual Private Cloud) that you want to associate your security group with. A VPC is a logical network that isolates your AWS resources from the public internet. You can use the default VPC that AWS provides for each region, or create your own VPC that you want to associate your security group with. You can find the VPC ID from the AWS console or use the describe_vpcs method to get a list of available VPCs.

For example, the following code creates a security group with the name my-security-group and the description My security group for EC2 in the default VPC:

vpc_id = ec2.describe_vpcs()['Vpcs'][0]['VpcId']
response = ec2.create_security_group(
    GroupName='my-security-group',
    Description='My security group for EC2',
    VpcId=vpc_id
)

The create_security_group method returns a response object that contains the security group ID of the security group that was created. You can use this ID to perform various operations on the security group, such as adding, removing, and listing rules.

For example, the following code adds a rule to the security group that allows inbound SSH traffic from anywhere:

security_group_id = response['GroupId']
ec2.authorize_security_group_ingress(
    GroupId=security_group_id,
    IpPermissions=[
        {
            'IpProtocol': 'tcp',
            'FromPort': 22,
            'ToPort': 22,
            'IpRanges': [
                {
                    'CidrIp': '0.0.0.0/0'
                }
            ]
        }
    ]
)

The authorize_security_group_ingress method takes a dictionary as an argument, which contains the security group ID and a list of IP permissions. Each IP permission is a dictionary that specifies the protocol, the port range, and the IP range of the traffic that is allowed. You can use the CIDR notation to specify the IP range, such as 0.0.0.0/0 for anywhere, or 10.0.0.0/16 for a specific subnet.

You can also use the revoke_security_group_ingress method to remove a rule from the security group:

ec2.revoke_security_group_ingress(
    GroupId=security_group_id,
    IpPermissions=[
        {
            'IpProtocol': 'tcp',
            'FromPort': 22,
            'ToPort': 22,
            'IpRanges': [
                {
                    'CidrIp': '0.0.0.0/0'
                }
            ]
        }
    ]
)

The revoke_security_group_ingress method takes the same arguments as the authorize_security_group_ingress method.

You can use the describe_security_groups method to get information about your security group, such as the name, the description, the VPC ID, and the rules:

response = ec2.describe_security_groups(GroupIds=[security_group_id])
security_group = response['SecurityGroups'][0]
print(security_group['GroupName'], security_group['Description'], security_group['VpcId'])
for rule in security_group['IpPermissions']:
    print(rule['IpProtocol'], rule['FromPort'], rule['ToPort'], rule['IpRanges'])

The describe_security_groups method returns a response object that contains a list of security groups that match the criteria. Each security group is a dictionary that has attributes such as GroupName, Description, VpcId, and IpPermissions. The IpPermissions attribute is a list of dictionaries that represent the rules of the security group.

You can use the delete_security_group method to delete the security group when you are done with it. This will delete the security group and all the rules associated with it. For example, to delete the security group, you can use the following code:

ec2.delete_security_group(GroupId=security_group_id)

This concludes our tutorial on how to use boto3 to create an EC2 instance, an S3 bucket, and a security group. I hope you found it useful and learned something new.

Did you find this article valuable?

Support Vishesh Gubrani by becoming a sponsor. Any amount is appreciated!