我无法使用 CGI-Python 脚本加载 AWS 凭证

Question

not able to access AWS credentials when I execute python CGI script in browser.

dynamodb = boto3.resource('dynamodb') By using above line in python file, I can able to get credentials from ~/.aws folder and execute it in CONSOLE.

But when I execute same code in Web-Browser, I am getting error (credentials are missing)

I tried setting environment variables and tried using config and credentials files. But didn't work.

dynamodb = boto3.resource('dynamodb')

ERRORRRR!!!!

raise NoCredentialsError

NoCredentialsError: Unable to locate credentials

Answer 1

The ~ in ~/.aws represents the home directory of the current user. When the script is executed from the console that works, because you are the current user. When the script is executed via CGI the current user is some other account on your system, so ~ points to a different home directory where there is no credentials file.

If you are running this on an EC2 server, I would suggest switching to an IAM instance profile instead of a credentials file. Otherwise you will need to look into placing the credentials file under the correct user account home directory, or setting the credentials as environment variables to the CGI process.

Answer 2

Based on Mark B answer I managed to solve a similar problem, I tried to for weeks..

My python script is running flawlessly locally from IDEL on windows server

However, when it called by web client ( java script) got the error

botocore.exceptions.NoCredentialsError: Unable to locate credentials

The problem was exactly as Mark pointed related to home directory, when the script run locally, for example in windows, it is C:\\Users\\USER_NAME so it can find the credentials in the default location C:\\Users\\USER_NAME\\.aws\\credentials as the documentation states , however when it is run using CGI the home directory is different

So to fix that:

1 - Know what your home directory (During run-time)

from pathlib import Path

place these line before trying to access AWS service

home = str(Path.home())
print('Home %s'%home)

copy the full home path

2- Go to that directory and place a copy of .aws directory inside it.

3- Give the permission to read files inside .aws

For IIS server

cd {full_home_path} + \.aws  //Remove {} and + 
icacls . /grant "NT AUTHORITY\IUSR:(OI)(CI)(R)"
icacls . /grant "Builtin\IIS_IUSRS:(OI)(CI)(R)"

4- Reboot the server

5- Try python script from web client

6- It should work.

Answer 3

Typically, environments such as CGI run as the root user. However, this varies based upon how the service is configured.

You have several options:

1. If the service is running as root , the home directory for root is /root . Create the directory /root/.aws . Then copy the contents of directory ~/.aws to /root/.aws . You will need to su to have the privileges.
2. Create a directory such as /AWS . Copy your credentials to this directory. Now in your code specify the path to the credentials file /AWS/credentials .
3. Specify the aws_access_key and aws secret_access_key in your program. This is not recommended as anytime you put your credentials in your program you open security risks.
4. If your service is running in EC2, then assign a role to the instance and obtain your AWS access keys from metadata.

This AWS document explains in detail how credentials are managed. Take the time to read it from top to bottom.

Credentials

I also recommend switching from using boto3 resource to boto3 client . This will give you many more options in your code.

Example: Specify your credentials via hard coded credentials (not recommended):

import boto3

session = boto3.Session(
    # Hard coded strings as credentials, not recommended.
    aws_access_key_id='AKIAIO5FODNN7EXAMPLE',
    aws_secret_access_key='ABCDEF+c2L7yXeGvUyrPgYsDnWRRC1AYEXAMPLE',
)

dynamodb = boto3.resource('dynamodb')

You can store your AWS credentials in any file format that you want and then read that file back to load the AWS access keys into your code.

Answer 4

I tried Amazon Translate with Google Colab and it's completely working fine.

Install boto3 client in cloud IDE

pip install boto3

Import client and it's configuration

import boto3
from botocore.config import Config

Call Amazon Translate Service

translate = boto3.client(service_name='translate', region_name='us-east-2', use_ssl=True,aws_access_key_id = 'YOUR ACCESS KEY ID',aws_secret_access_key='YOUR ACCESS KEY' )
result = translate.translate_text(Text="YOUR TEXT TO TRANSLATE", SourceLanguageCode="en", TargetLanguageCode="ta")

You can access the result in JSON format

print(result)