avatarTeri Radichel

Free AI web copilot to create summaries, insights and extended knowledge, download it at here

3870

Abstract

ything is an API call. The infamous Bezos memo on the topic:</p><div id="b0d4" class="link-block"> <a href="https://nordicapis.com/the-bezos-api-mandate-amazons-manifesto-for-externalization/"> <div> <div> <h2>The Bezos API Mandate: Amazon's Manifesto For Externalization | Nordic APIs |</h2> <div><h3>In 2002, according to tech legend, a mandate was issued by Amazon founder Jeff Bezos. This mandate would serve to form…</h3></div> <div><p>nordicapis.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*DKMhDFIT1F6hIhE8)"></div> </div> </div> </a> </div><p id="e00b"><b>Using Boto3 in Python code</b></p><p id="47b4">The first thing you need to do to use Boto3 in Python is to ensure you have credentials configured to call the AWS services. Since we are going to run our Python code in AWS Batch or AWS Lambda primarily, that consists of defining a role with appropriate permissions and assigning it to the resource. I’ve already explained how to do that in this series.</p><p id="2771">Add the following to your Python import statements at the top of your code to include the Boto3 library in your code. This makes the functionality in the boto3 library available to you in the code that you are writing.</p><div id="33de"><pre><span class="hljs-keyword">import</span> boto3</pre></div><p id="92f1">You can find the boto3 API documentation here:</p><div id="7157" class="link-block"> <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/index.html"> <div> <div> <h2>Available services - Boto3 Docs 1.24.72 documentation</h2> <div><h3>Edit description</h3></div> <div><p>boto3.amazonaws.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/)"></div> </div> </div> </a> </div><p id="327c">The list of AWS services appears on the left:</p><figure id="e509"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*3tpqluaIUuxYDKWSQQnsHw.png"><figcaption></figcaption></figure><p id="50c3">In the next post I’m going to use AWS Systems Manager (SSM). Scroll down to SSM in the list and click on it.</p><figure id="04ef"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*NdWE9ZGIsIY7mjv9x7UuyA.png"><figcaption></figcaption></figure><p id="f6c6">Whenever we use a service in Python with Boto3 generally the first thing to do is a create a client. That client allows you to call the methods related to that service. In this case we would establish a client like this:</p><div id="e476"><pre><span class="hljs-keyword">client</span> = boto3.<span class="hljs-keyword">client</span>(<span class="hljs-string">'ssm'</span>)</pre></div><p id="f788">Next take a look at the documentation for the method you want to call. I want to store a value in AWS Parameter Store. If I scroll down the list I can see that there is a method called put_parameter.</p><figure id="7fe4"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*-tL_-tGZKW86rwN2Wkl5Hg.png"><figcaption></figcaption></figure><p id="62b5">Click on it and take a look at the documentation:</p><figure id="5ddc"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/1*-sXGSULBh_WJazB9KVWJGQ.png"><figcaption></figcaption></figure><p id="9d0b">That tells you which values you can pass into this function and if they are required or not.</p><div id="1a29"><pre>client.put_parameter( <span class="hljs-attribute">Name</span>=<span class="hljs-string">'name'</span>, <span class="hljs-built

Options

_in">..</span><span class="hljs-built_in">..</span> )</pre></div><p id="d1cb">You can find a lot more information in the documentation including code samples and the types of errors an API returns. In some cases, when retrieving large amounts of data you will need to use a Paginator to get all the data or get it efficiently:</p><div id="ea18" class="link-block"> <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/guide/paginators.html"> <div> <div> <h2>Paginators - Boto3 Docs 1.24.72 documentation</h2> <div><h3>undefined</h3></div> <div><p>undefined</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/)"></div> </div> </div> </a> </div><p id="b4be">Now that you have the basics as we take a look at not just how to add a parameter to SSM Parameter Store, but some of the security controls available as we do so. Remember, the code is simple. Adding security controls to ensure your company doesn’t end up in the news with the latest data breach is another matter.</p><p id="f89b">Follow for updates.</p><p id="bbde">Teri Radichel | <i>© <a href="https://2ndsightlab.com/?source=post_page---------------------------">2nd Sight Lab</a> 2022</i></p><p id="86b1"><i>The best way to support this blog is to sign up for the email list and clap for stories you like. That also helps me determine what stories people like and what to write about more often. Other ways to follow and support are listed below. Thank you!</i></p><div id="a3cb" class="link-block"> <a href="https://2ndsightlab.medium.com/subscribe"> <div> <div> <h2>Get an email whenever Teri Radichel publishes.</h2> <div><h3>Get an email whenever Teri Radichel publishes. By signing up, you will create a Medium account if you don’t already…</h3></div> <div><p>2ndsightlab.medium.com</p></div> </div> <div> <div style="background-image: url(https://miro.readmedium.com/v2/resize:fit:320/0*fjWIo-Np_47AWPAn)"></div> </div> </div> </a> </div><div id="8334"><pre><span class="hljs-section">About Teri Radichel:

Author: Cybersecurity for Executives in the Age of Cloud
Presentations: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Security Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Software Engineering, Master of Infosec
Company: Cloud Penetration Tests, Assessments, Training ~ 2nd Sight Lab</pre></div><div id="46f6"><pre><span class="hljs-section">Like this story? Use the options below to support this blog.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</span>
❤️ Clap
❤️ Referrals
❤️ Medium: Teri Radichel
❤️ Email List: Teri Radichel
❤️ Twitter: @teriradichel
❤️ Mastodon: @[email protected]
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
❤️ Buy a Book: Teri Radichel on Amazon
❤️ Request a penetration test, assessment, or training
<span class="hljs-code"> via LinkedIn: Teri Radichel </span>
❤️ Schedule a consulting call with me through IANS Research</pre></div><p id="5a42">My Cybersecurity Book: <a href="https://www.amazon.com/Cybersecurity-Executives-Cloud-Teri-Radichel/dp/1652474811/ref=as_li_ss_tl?_encoding=UTF8&amp;qid=1601801560&amp;sr=1-1&amp;linkCode=ll1&amp;tag=2ndsightlab-20&amp;linkId=3204d6389211538a20eabff16973183e&amp;language=en_US">Cybersecurity for Executives in the Age of Cloud</a></p><figure id="faf5"><img src="https://cdn-images-1.readmedium.com/v2/resize:fit:800/0*H9Ew1KCl-29nZiPR.jpeg"><figcaption></figcaption></figure></article></body>

Using Python and Boto3 in AWS

ACM.55 Boto3 in a Lambda Function and later in AWS Batch

Part of my series on Automating Cybersecurity Metrics. Lambda. Application Security. The Code.

Free Content on Jobs in Cybersecurity | Sign up for the Email List

In the last post I started exploring how to request the capability to send SMS messages on AWS. If you’re embarking on that journey, you may want to read this first.

Before we jump into the next section of posts implementing some Lambda functions with Python to interact with AWS services I just wanted to quickly explain what Boto3 is for anyone who is not familiar.

AWS has a number of software development kits (SDKs) for different languages.

As you may recall when we created a Lambda function in prior posts, both in manual and automated formats, we chose a runtime. That runtime specified that we wanted to use Python and which version of Python.

I already wrote about why Python here:

Prior to that we’ve been using the AWS CLI to create resources used in this series of blog posts. The AWS CLI is basically calling APIs to interact with the AWS platform. As I explain in my classes, everything on AWS almost is an API call behind the scenes. Even if you push a button in the console it calls the AWS APIs to take the actions you see on the screen. It’s no different when we use the AWS Python SDK.

By the way there’s a reason everything is an API call. The infamous Bezos memo on the topic:

Using Boto3 in Python code

The first thing you need to do to use Boto3 in Python is to ensure you have credentials configured to call the AWS services. Since we are going to run our Python code in AWS Batch or AWS Lambda primarily, that consists of defining a role with appropriate permissions and assigning it to the resource. I’ve already explained how to do that in this series.

Add the following to your Python import statements at the top of your code to include the Boto3 library in your code. This makes the functionality in the boto3 library available to you in the code that you are writing.

import boto3

You can find the boto3 API documentation here:

The list of AWS services appears on the left:

In the next post I’m going to use AWS Systems Manager (SSM). Scroll down to SSM in the list and click on it.

Whenever we use a service in Python with Boto3 generally the first thing to do is a create a client. That client allows you to call the methods related to that service. In this case we would establish a client like this:

client = boto3.client('ssm')

Next take a look at the documentation for the method you want to call. I want to store a value in AWS Parameter Store. If I scroll down the list I can see that there is a method called put_parameter.

Click on it and take a look at the documentation:

That tells you which values you can pass into this function and if they are required or not.

client.put_parameter( Name='name', .... )

You can find a lot more information in the documentation including code samples and the types of errors an API returns. In some cases, when retrieving large amounts of data you will need to use a Paginator to get all the data or get it efficiently:

Now that you have the basics as we take a look at not just how to add a parameter to SSM Parameter Store, but some of the security controls available as we do so. Remember, the code is simple. Adding security controls to ensure your company doesn’t end up in the news with the latest data breach is another matter.

Follow for updates.

Teri Radichel | © 2nd Sight Lab 2022

The best way to support this blog is to sign up for the email list and clap for stories you like. That also helps me determine what stories people like and what to write about more often. Other ways to follow and support are listed below. Thank you!

About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
Author: Cybersecurity for Executives in the Age of Cloud
Presentations: Presentations by Teri Radichel
Recognition: SANS Difference Makers Award, AWS Security Hero, IANS Faculty
Certifications: SANS
Education: BA Business, Master of Software Engineering, Master of Infosec
Company: Cloud Penetration Tests, Assessments, Training ~ 2nd Sight Lab
Like this story? Use the options below to support this blog.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Clap
❤️ Referrals
❤️ Medium: Teri Radichel
❤️ Email List: Teri Radichel
❤️ Twitter: @teriradichel
❤️ Mastodon: @[email protected]
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
❤️ Buy a Book: Teri Radichel on Amazon
❤️ Request a penetration test, assessment, or training
 via LinkedIn: Teri Radichel 
❤️ Schedule a consulting call with me through IANS Research

My Cybersecurity Book: Cybersecurity for Executives in the Age of Cloud

Boto3
AWS
Python
Lambda
Batch
Recommended from ReadMedium