Boto3: get credentials dynamically?
I am struggling to find out how I can get my aws_access_key_id and aws_secret_access_key dynamically from my code.
In boto2 I could do the following: boto.config.get_value('Credentials', 'aws_secret_access_key') but I can't seem to find a similar method in boto3. I was able to find the keys if I look in boto3.Session()._session._credentials but that seems like the mother of all hacks to me and I would rather not go down that road.
Answer
It's generally a best practice to only use temporary credentials. You can get temporary credentials with STS.get_session_token.
EDIT: As of this PR, you can access the current session credentials like so:
import boto3
session = boto3.Session()
credentials = session.get_credentials()
# Credentials are refreshable, so accessing your access key / secret key
# separately can lead to a race condition. Use this to get an actual matched
# set.
credentials = credentials.get_frozen_credentials()
access_key = credentials.access_key
secret_key = credentials.secret_key
redshift = session.client('redshift')
...
I would still recommend using temporary credentials scoped to exactly what redshift needs.