diff --git a/.changes/1.35.55.json b/.changes/1.35.55.json new file mode 100644 index 0000000000..640c7265c3 --- /dev/null +++ b/.changes/1.35.55.json @@ -0,0 +1,37 @@ +[ + { + "category": "``codebuild``", + "description": "[``botocore``] AWS CodeBuild now adds additional compute types for reserved capacity fleet.", + "type": "api-change" + }, + { + "category": "``guardduty``", + "description": "[``botocore``] GuardDuty RDS Protection expands support for Amazon Aurora PostgreSQL Limitless Databases.", + "type": "api-change" + }, + { + "category": "``lakeformation``", + "description": "[``botocore``] API changes for new named tag expressions feature.", + "type": "api-change" + }, + { + "category": "``qapps``", + "description": "[``botocore``] Introduces category apis in AmazonQApps. Web experience users use Categories to tag and filter library items.", + "type": "api-change" + }, + { + "category": "``s3control``", + "description": "[``botocore``] Fix ListStorageLensConfigurations and ListStorageLensGroups deserialization for Smithy SDKs.", + "type": "api-change" + }, + { + "category": "``verifiedpermissions``", + "description": "[``botocore``] Adding BatchGetPolicy API which supports the retrieval of multiple policies across multiple policy stores within a single request.", + "type": "api-change" + }, + { + "category": "protocol", + "description": "[``botocore``] Added support for header enabling service migration off the AWS Query protocol.", + "type": "enhancement" + } +] \ No newline at end of file diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9e57f90937..40f0c81eea 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,18 @@ CHANGELOG ========= +1.35.55 +======= + +* api-change:``codebuild``: [``botocore``] AWS CodeBuild now adds additional compute types for reserved capacity fleet. +* api-change:``guardduty``: [``botocore``] GuardDuty RDS Protection expands support for Amazon Aurora PostgreSQL Limitless Databases. +* api-change:``lakeformation``: [``botocore``] API changes for new named tag expressions feature. +* api-change:``qapps``: [``botocore``] Introduces category apis in AmazonQApps. Web experience users use Categories to tag and filter library items. +* api-change:``s3control``: [``botocore``] Fix ListStorageLensConfigurations and ListStorageLensGroups deserialization for Smithy SDKs. +* api-change:``verifiedpermissions``: [``botocore``] Adding BatchGetPolicy API which supports the retrieval of multiple policies across multiple policy stores within a single request. +* enhancement:protocol: [``botocore``] Added support for header enabling service migration off the AWS Query protocol. + + 1.35.54 ======= diff --git a/boto3/__init__.py b/boto3/__init__.py index 66eded5940..579f7143b2 100644 --- a/boto3/__init__.py +++ b/boto3/__init__.py @@ -17,7 +17,7 @@ from boto3.session import Session __author__ = 'Amazon Web Services' -__version__ = '1.35.54' +__version__ = '1.35.55' # The default Boto3 session; autoloaded when needed. diff --git a/boto3/examples/s3.rst b/boto3/examples/s3.rst index 0a79fb074f..ec56238382 100644 --- a/boto3/examples/s3.rst +++ b/boto3/examples/s3.rst @@ -9,7 +9,7 @@ the objects in the bucket. import boto3 s3 = boto3.resource('s3') - bucket = s3.Bucket('my-bucket') + bucket = s3.Bucket('amzn-s3-demo-bucket') for obj in bucket.objects.all(): print(obj.key) @@ -26,7 +26,7 @@ Amazon S3 bucket: client = boto3.client('s3') paginator = client.get_paginator('list_objects') - result = paginator.paginate(Bucket='my-bucket', Delimiter='/') + result = paginator.paginate(Bucket='amzn-s3-demo-bucket', Delimiter='/') for prefix in result.search('CommonPrefixes'): print(prefix.get('Prefix')) @@ -43,7 +43,7 @@ restoration is finished. import boto3 s3 = boto3.resource('s3') - bucket = s3.Bucket('glacier-bucket') + bucket = s3.Bucket('amzn-s3-demo-bucket') for obj_sum in bucket.objects.all(): obj = s3.Object(obj_sum.bucket_name, obj_sum.key) if obj.storage_class == 'GLACIER': @@ -80,7 +80,7 @@ object; S3 already knows how to decrypt the object. import boto3 import os - BUCKET = 'your-bucket-name' + BUCKET = 'amzn-s3-demo-bucket' s3 = boto3.client('s3') keyid = '' @@ -122,7 +122,7 @@ Boto3 will automatically compute this value for us. import boto3 import os - BUCKET = 'your-bucket-name' + BUCKET = 'amzn-s3-demo-bucket' KEY = os.urandom(32) s3 = boto3.client('s3') @@ -158,7 +158,7 @@ S3 object. s3 = boto3.client('s3') s3.download_file( - "bucket-name", "key-name", "tmp.txt", + "amzn-s3-demo-bucket", "key-name", "tmp.txt", ExtraArgs={"VersionId": "my-version-id"} ) @@ -175,7 +175,7 @@ using JMESPath. s3 = boto3.client("s3") s3_paginator = s3.get_paginator('list_objects_v2') - s3_iterator = s3_paginator.paginate(Bucket='your-bucket-name') + s3_iterator = s3_paginator.paginate(Bucket='amzn-s3-demo-bucket') filtered_iterator = s3_iterator.search( "Contents[?to_string(LastModified)>='\"2022-01-05 08:05:37+00:00\"'].Key" diff --git a/boto3/s3/inject.py b/boto3/s3/inject.py index bf6e751f38..a8de4f241e 100644 --- a/boto3/s3/inject.py +++ b/boto3/s3/inject.py @@ -113,7 +113,7 @@ def upload_file( import boto3 s3 = boto3.client('s3') - s3.upload_file('/tmp/hello.txt', 'mybucket', 'hello.txt') + s3.upload_file('/tmp/hello.txt', 'amzn-s3-demo-bucket', 'hello.txt') Similar behavior as S3Transfer's upload_file() method, except that argument names are capitalized. Detailed examples can be found at @@ -160,7 +160,7 @@ def download_file( import boto3 s3 = boto3.client('s3') - s3.download_file('mybucket', 'hello.txt', '/tmp/hello.txt') + s3.download_file('amzn-s3-demo-bucket', 'hello.txt', '/tmp/hello.txt') Similar behavior as S3Transfer's download_file() method, except that parameters are capitalized. Detailed examples can be found at @@ -207,7 +207,7 @@ def bucket_upload_file( import boto3 s3 = boto3.resource('s3') - s3.Bucket('mybucket').upload_file('/tmp/hello.txt', 'hello.txt') + s3.Bucket('amzn-s3-demo-bucket').upload_file('/tmp/hello.txt', 'hello.txt') Similar behavior as S3Transfer's upload_file() method, except that parameters are capitalized. Detailed examples can be found at @@ -251,7 +251,7 @@ def bucket_download_file( import boto3 s3 = boto3.resource('s3') - s3.Bucket('mybucket').download_file('hello.txt', '/tmp/hello.txt') + s3.Bucket('amzn-s3-demo-bucket').download_file('hello.txt', '/tmp/hello.txt') Similar behavior as S3Transfer's download_file() method, except that parameters are capitalized. Detailed examples can be found at @@ -295,7 +295,7 @@ def object_upload_file( import boto3 s3 = boto3.resource('s3') - s3.Object('mybucket', 'hello.txt').upload_file('/tmp/hello.txt') + s3.Object('amzn-s3-demo-bucket', 'hello.txt').upload_file('/tmp/hello.txt') Similar behavior as S3Transfer's upload_file() method, except that parameters are capitalized. Detailed examples can be found at @@ -336,7 +336,7 @@ def object_download_file( import boto3 s3 = boto3.resource('s3') - s3.Object('mybucket', 'hello.txt').download_file('/tmp/hello.txt') + s3.Object('amzn-s3-demo-bucket', 'hello.txt').download_file('/tmp/hello.txt') Similar behavior as S3Transfer's download_file() method, except that parameters are capitalized. Detailed examples can be found at @@ -388,10 +388,10 @@ def copy( import boto3 s3 = boto3.resource('s3') copy_source = { - 'Bucket': 'mybucket', + 'Bucket': 'amzn-s3-demo-bucket1', 'Key': 'mykey' } - s3.meta.client.copy(copy_source, 'otherbucket', 'otherkey') + s3.meta.client.copy(copy_source, 'amzn-s3-demo-bucket2', 'otherkey') :type CopySource: dict :param CopySource: The name of the source bucket, key name of the @@ -469,10 +469,10 @@ def bucket_copy( import boto3 s3 = boto3.resource('s3') copy_source = { - 'Bucket': 'mybucket', + 'Bucket': 'amzn-s3-demo-bucket1', 'Key': 'mykey' } - bucket = s3.Bucket('otherbucket') + bucket = s3.Bucket('amzn-s3-demo-bucket2') bucket.copy(copy_source, 'otherkey') :type CopySource: dict @@ -534,10 +534,10 @@ def object_copy( import boto3 s3 = boto3.resource('s3') copy_source = { - 'Bucket': 'mybucket', + 'Bucket': 'amzn-s3-demo-bucket1', 'Key': 'mykey' } - bucket = s3.Bucket('otherbucket') + bucket = s3.Bucket('amzn-s3-demo-bucket2') obj = bucket.Object('otherkey') obj.copy(copy_source) @@ -595,7 +595,7 @@ def upload_fileobj( s3 = boto3.client('s3') with open('filename', 'rb') as data: - s3.upload_fileobj(data, 'mybucket', 'mykey') + s3.upload_fileobj(data, 'amzn-s3-demo-bucket', 'mykey') :type Fileobj: a file-like object :param Fileobj: A file-like object to upload. At a minimum, it must @@ -656,7 +656,7 @@ def bucket_upload_fileobj( import boto3 s3 = boto3.resource('s3') - bucket = s3.Bucket('mybucket') + bucket = s3.Bucket('amzn-s3-demo-bucket') with open('filename', 'rb') as data: bucket.upload_fileobj(data, 'mykey') @@ -705,7 +705,7 @@ def object_upload_fileobj( import boto3 s3 = boto3.resource('s3') - bucket = s3.Bucket('mybucket') + bucket = s3.Bucket('amzn-s3-demo-bucket') obj = bucket.Object('mykey') with open('filename', 'rb') as data: @@ -754,7 +754,7 @@ def download_fileobj( s3 = boto3.client('s3') with open('filename', 'wb') as data: - s3.download_fileobj('mybucket', 'mykey', data) + s3.download_fileobj('amzn-s3-demo-bucket', 'mykey', data) :type Bucket: str :param Bucket: The name of the bucket to download from. @@ -815,7 +815,7 @@ def bucket_download_fileobj( import boto3 s3 = boto3.resource('s3') - bucket = s3.Bucket('mybucket') + bucket = s3.Bucket('amzn-s3-demo-bucket') with open('filename', 'wb') as data: bucket.download_fileobj('mykey', data) @@ -864,7 +864,7 @@ def object_download_fileobj( import boto3 s3 = boto3.resource('s3') - bucket = s3.Bucket('mybucket') + bucket = s3.Bucket('amzn-s3-demo-bucket') obj = bucket.Object('mykey') with open('filename', 'wb') as data: diff --git a/docs/source/guide/credentials.rst b/docs/source/guide/credentials.rst index bda11f78a2..9fa24c9125 100644 --- a/docs/source/guide/credentials.rst +++ b/docs/source/guide/credentials.rst @@ -28,12 +28,14 @@ There are two types of configuration data in Boto3: credentials and non-credenti Boto3 will look in several locations when searching for credentials. The mechanism in which Boto3 looks for credentials is to search through a list of possible locations and stop as soon as it finds credentials. The order in which Boto3 searches for credentials is: -#. Passing credentials as parameters in the ``boto.client()`` method +#. Passing credentials as parameters in the ``boto3.client()`` method #. Passing credentials as parameters when creating a ``Session`` object #. Environment variables +#. Assume role provider +#. Assume role with web identity provider +#. AWS IAM Identity Center credential provider #. Shared credential file (``~/.aws/credentials``) #. AWS config file (``~/.aws/config``) -#. Assume Role provider #. Boto2 config file (``/etc/boto.cfg`` and ``~/.boto``) #. Instance metadata service on an Amazon EC2 instance that has an IAM role configured. @@ -91,72 +93,6 @@ Boto3 will check these environment variables for credentials: * ``AWS_SESSION_TOKEN`` - The session key for your AWS account. This is only needed when you are using temporary credentials. The ``AWS_SECURITY_TOKEN`` environment variable can also be used, but is only supported for backwards compatibility purposes. ``AWS_SESSION_TOKEN`` is supported by multiple AWS SDKs besides python. -Shared credentials file ------------------------ - -The shared credentials file has a default location of ``~/.aws/credentials``. You can change the location of the shared credentials file by setting the ``AWS_SHARED_CREDENTIALS_FILE`` environment variable. - -This file is an INI formatted file with section names corresponding to profiles. With each section, the three configuration variables shown above can be specified: ``aws_access_key_id``, ``aws_secret_access_key``, ``aws_session_token``. *These are the only supported values in the shared credential file.* - -Below is a minimal example of the shared credentials file: - -.. code-block:: ini - - [default] - aws_access_key_id=foo - aws_secret_access_key=bar - aws_session_token=baz - -The shared credentials file also supports the concept of profiles. Profiles represent logical groups of configuration. The shared credential file can have multiple profiles: - -.. code-block:: ini - - [default] - aws_access_key_id=foo - aws_secret_access_key=bar - - [dev] - aws_access_key_id=foo2 - aws_secret_access_key=bar2 - - [prod] - aws_access_key_id=foo3 - aws_secret_access_key=bar3 - - -You can then specify a profile name via the ``AWS_PROFILE`` environment variable or the ``profile_name`` argument when creating a ``Session``. For example, we can create a Session using the “dev” profile and any clients created from this session will use the “dev” credentials: - -.. code-block:: python - - import boto3 - - session = boto3.Session(profile_name='dev') - dev_s3_client = session.client('s3') - - - -AWS config file ---------------- - -Boto3 can also load credentials from ``~/.aws/config``. You can change this default location by setting the ``AWS_CONFIG_FILE`` environment variable. The config file is an INI format, with the same keys supported by the shared credentials file. The only difference is that profile sections *must* have the format of ``[profile profile-name]``, except for the default profile: - -.. code-block:: ini - - [default] - aws_access_key_id=foo - aws_secret_access_key=bar - - [profile dev] - aws_access_key_id=foo2 - aws_secret_access_key=bar2 - - [profile prod] - aws_access_key_id=foo3 - aws_secret_access_key=bar3 - -The reason that section names must start with profile in the ``~/.aws/config`` file is because there are other sections in this file that are permitted that aren't profile configurations. - - Assume role provider -------------------- @@ -178,7 +114,7 @@ You can specify the following configuration values for configuring an IAM role i If MFA authentication is not enabled then you only need to specify a ``role_arn`` and a ``source_profile``. -When you specify a profile that has an IAM role configuration, Boto3 will make an ``AssumeRole`` call to retrieve temporary credentials. Subsequent Boto3 API calls will use the cached temporary credentials until they expire, in which case Boto3 will then automatically refresh the credentials. +When you specify a profile that has an IAM role configuration, Boto3 will make an ``AssumeRole`` call to retrieve temporary credentials. Subsequent Boto3 API calls will use the cached temporary credentials until they expire, in which case Boto3 will then automatically refresh the credentials. Please note that Boto3 does not write these temporary credentials to disk. This means that temporary credentials from the ``AssumeRole`` calls are only cached in-memory within a single session. All clients created from that session will share the same temporary credentials. @@ -228,10 +164,11 @@ This provider can also be configured via environment variables: * ``AWS_WEB_IDENTITY_TOKEN_FILE`` - The path to the web identity token file. * ``AWS_ROLE_SESSION_NAME`` - The name applied to this assume-role session. -.. note:: +.. note:: These environment variables currently only apply to the assume role with web identity provider and do not apply to the general assume role provider configuration. + AWS IAM Identity Center ----------------------- @@ -267,6 +204,72 @@ For example, we can create a Session using the ``my-sso-profile`` profile and an session = boto3.Session(profile_name='my-sso-profile') s3_client = session.client('s3') + +Shared credentials file +----------------------- + +The shared credentials file has a default location of ``~/.aws/credentials``. You can change the location of the shared credentials file by setting the ``AWS_SHARED_CREDENTIALS_FILE`` environment variable. + +This file is an INI formatted file with section names corresponding to profiles. With each section, the three configuration variables shown above can be specified: ``aws_access_key_id``, ``aws_secret_access_key``, ``aws_session_token``. *These are the only supported values in the shared credential file.* + +Below is a minimal example of the shared credentials file: + +.. code-block:: ini + + [default] + aws_access_key_id=foo + aws_secret_access_key=bar + aws_session_token=baz + +The shared credentials file also supports the concept of profiles. Profiles represent logical groups of configuration. The shared credential file can have multiple profiles: + +.. code-block:: ini + + [default] + aws_access_key_id=foo + aws_secret_access_key=bar + + [dev] + aws_access_key_id=foo2 + aws_secret_access_key=bar2 + + [prod] + aws_access_key_id=foo3 + aws_secret_access_key=bar3 + + +You can then specify a profile name via the ``AWS_PROFILE`` environment variable or the ``profile_name`` argument when creating a ``Session``. For example, we can create a Session using the “dev” profile and any clients created from this session will use the “dev” credentials: + +.. code-block:: python + + import boto3 + + session = boto3.Session(profile_name='dev') + dev_s3_client = session.client('s3') + + +AWS config file +--------------- + +Boto3 can also load credentials from ``~/.aws/config``. You can change this default location by setting the ``AWS_CONFIG_FILE`` environment variable. The config file is an INI format, with the same keys supported by the shared credentials file. The only difference is that profile sections *must* have the format of ``[profile profile-name]``, except for the default profile: + +.. code-block:: ini + + [default] + aws_access_key_id=foo + aws_secret_access_key=bar + + [profile dev] + aws_access_key_id=foo2 + aws_secret_access_key=bar2 + + [profile prod] + aws_access_key_id=foo3 + aws_secret_access_key=bar3 + +The reason that section names must start with profile in the ``~/.aws/config`` file is because there are other sections in this file that are permitted that aren't profile configurations. + + Boto2 configuration file support -------------------------------- diff --git a/setup.cfg b/setup.cfg index 9d364473f5..4e5c8ccabc 100644 --- a/setup.cfg +++ b/setup.cfg @@ -3,7 +3,7 @@ universal = 0 [metadata] requires_dist = - botocore>=1.35.54,<1.36.0 + botocore>=1.35.55,<1.36.0 jmespath>=0.7.1,<2.0.0 s3transfer>=0.10.0,<0.11.0 diff --git a/setup.py b/setup.py index c3bfcdb9be..1b8590519c 100644 --- a/setup.py +++ b/setup.py @@ -14,7 +14,7 @@ requires = [ - 'botocore>=1.35.54,<1.36.0', + 'botocore>=1.35.55,<1.36.0', 'jmespath>=0.7.1,<2.0.0', 's3transfer>=0.10.0,<0.11.0', ]