How to set up boto3 authentication
Written by
Updated at December 17, 2025
Case description
- You need to create a cloud function that saves its results to an AWS-compatible data storage.
- You need to find out how to authenticate and authorize in the relevant service from the cloud function code using
boto3.
Solution
To access AWS-compatible services, you need static access keys.
Note
AWS-compatible services include:
Metadata only stores the IAM token, not AWS keys. Therefore, you need to use either environment variables to explicitly specify the key and secret, or set up integration with Lockbox.
Example of setting up boto3 for S3 access using environment variables
import os, boto3
s3 = boto3.client('s3',
endpoint_url = 'https://storage.yandexcloud.net',
aws_access_key_id = os.environ['AWS_ACCESS_KEY_ID'],
aws_secret_access_key = os.environ['AWS_SECRET_ACCESS_KEY'],
region_name = os.environ['AWS_DEFAULT_REGION']
)
def handler(event, context):
return s3.list_buckets()['Buckets']