Home/ Questions/Q 8174161
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T22:22:50+00:00

What is the best way to manage multiple Amazon Web Services (AWS) accounts through

  • 0

What is the best way to manage multiple Amazon Web Services (AWS) accounts through boto?

I am familiar with BotoConfig files, which I’m using. But each file describes only a single account…and I am working with more than just the one organization. For all the usual legal, financial, and security reasons, those accounts cannot be commingled.

Currently I am using one boto config file per account. E.g.:

  • ~/.boto default account
  • ~/.boto_clowncollege for “clowncollege” account
  • ~/.boto_razorassoc for “razorassoc” account
  • ~/.boto_xyz for “xyz” account

Then something like:

def boto_config_path(account=None):
    """
    Given an account name, return the path to the corresponding boto
    configuration file. If no account given, return the default config file.
    """
    path = '~/.boto' + ('_' + account if account else '')
    clean_path = os.path.abspath(os.path.expanduser(path))
    if os.path.isfile(clean_path):
        return clean_path
    else:
        errmsg = "cannot find boto config file {} for {}".format(clean_path, account)
        raise ValueError(errmsg)

def aws_credentials(account=None):
    """
    Return a tuple of AWS credentials (access key id and secret access key) for
    the given account.
    """
    try:
        cfg = INIConfig(open(boto_config_path(account)))
        return ( cfg.Credentials.aws_access_key_id, cfg.Credentials.aws_secret_access_key )
    except Exception:
        raise

conn = EC2Connection(*aws_credentials('razorassoc'))

Good, bad, or indifferent? Suggested improvements?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In the future, boto will provide better tools to help you manage multiple credentials but at the moment, there are a couple of environment variables that might help out.

    First, you can set BOTO_CONFIG to point to a boto config file that you want to use and it will override any config file found in the normal locations.

    Secondly, you can set BOTO_PATH to a colon-separated list of places to look for a boto config file and it will search there first, prior to the normal search locations.

    Neither of those give you exactly what you want but it may make it easier to accomplish with a bit less code.

    If you have ideas about how you would like this to work in boto, please let me know!

    • 0