Use boto3 (AWS SDK for Python) from Python apps to call AWS APIs—S3 uploads, DynamoDB queries, SQS messages. Prefer IAM roles over static keys on servers.
Install and configure
pip install boto3
# Credentials from environment, ~/.aws/credentials, or IAM role
export AWS_PROFILE=sandbox
export AWS_DEFAULT_REGION=us-east-1List S3 buckets with boto3
import boto3
s3 = boto3.client('s3')
for bucket in s3.list_buckets().get('Buckets', []):
print(bucket['Name'])Practice: Run SDK examples locally with sandbox credentials via AWS_PROFILE=sandbox. Never commit real keys—use IAM roles in deployed environments.
Best practices
- Reuse clients/resources at module level (connection pooling)
- Use
resourcefor higher-level S3/DynamoDB;clientfor full API - Handle
ClientErrorwith explicit error codes - On Lambda/EC2, attach IAM role—no keys in environment files in Git
Django apps often use boto3 for S3 media storage via django-storages.
Upload object example
s3.upload_file(
'hello.txt',
'my-unique-learning-bucket-12345',
'uploads/hello.txt',
ExtraArgs={'ServerSideEncryption': 'AES256'},
)Important interview questions and answers
- Q: boto3 client vs resource?
A: Client is low-level API wrapper; resource provides object-oriented interface for select services. - Q: Where credentials come from on EC2?
A: Instance profile IAM role via instance metadata—temporary rotating credentials.
Self-check
- How should a Django app on EC2 authenticate to S3?
- What pip package is the AWS SDK for Python?
Pitfall: Creating boto3 client per HTTP request—reuse at module scope.
Interview prep
- boto3 credentials on EC2?
Instance profile IAM role via metadata—no static keys in code.
- Client vs resource?
Client is low-level API; resource provides object-oriented helpers.