How can I protect my AWS access id and secret key in my python application

Question

I\'m making an application in Python and using Amazon Web Services in some modules.

I\'m now hard coding my AWS access id and secret key in *.py file. Or might move them

Answer 1

I've been trying to answer the same question... the generate_url(x) looks quite promising.

This link had a suggestion about creating a cloudfront origin access identity, which I'm guessing taps into the IAM authentication... meaning you could create a key for each application without giving away your main account details. With IAM, you can set permissions based on keys as to what they can do, so they can have limited access.

Note: I don't know if this really works, I haven't tried it yet, but it might be another avenue to explore.

2 - Create a Cloudfront "Origin Access Identity"

This identity can be reused for many different distributions and keypairs. It is only used to allow cloudfront to access your private S3 objects without allowing everyone. As of now, this step can only be performed using the API. Boto code is here:

# Create a new Origin Access Identity
oai = cf.create_origin_access_identity(comment='New identity for secure videos')

print("Origin Access Identity ID: %s" % oai.id)
print("Origin Access Identity S3CanonicalUserId: %s" % oai.s3_user_id)