Learning Python Network Programming

(Sean Pound) #1
Chapter 3

We could improve a few other things, especially if we are going to make this into a
production application. The command-line parsing mechanism, although compact,
is not satisfactory from a security perspective, since anybody with access to the
command line can run any built-in Python command. It would be better to have a
whitelist of functions and to implement a proper command-line parser by using one
of the standard library modules like argparse.


Storing the access ID and the access secret in the source code is also a problem for
security. Several serious security incidents have happened because passwords were
stored in source code and then uploaded to cloud code repositories. It's much better
to load the keys from an external source, such as a file or a database at run time.
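
The following sketch is an added example, not code from the book. It combines both improvements: argparse subcommands built from an explicit allow-list of functions, and keys loaded at run time from the standard AWS environment variables or from a private INI file. The functions create_bucket and upload_file are stand-ins for the chapter's S3 functions, and the ~/.s3client.ini path and its [s3] section are assumed names.

```python
import argparse
import configparser
import os
import stat

# Hypothetical stand-ins for the chapter's S3 functions. They only report
# what they would do, so the example runs offline.
def create_bucket(creds, bucket):
    return f"create {bucket} as {creds[0]}"

def upload_file(creds, bucket, path):
    return f"upload {path} to {bucket} as {creds[0]}"

# Allow-list: the only functions reachable from the command line,
# each with the names of the positional arguments it accepts.
COMMANDS = {
    "create_bucket": (create_bucket, ["bucket"]),
    "upload_file": (upload_file, ["bucket", "path"]),
}

def load_credentials(env=os.environ, path="~/.s3client.ini"):
    """Return (access_id, access_secret) from the environment or an INI file."""
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return env["AWS_ACCESS_KEY_ID"], env["AWS_SECRET_ACCESS_KEY"]
    path = os.path.expanduser(path)  # assumed key file location
    # Refuse a key file that group or other users can read or write.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(f"{path} must be mode 0600")
    cfg = configparser.ConfigParser()
    cfg.read(path)
    return cfg["s3"]["access_id"], cfg["s3"]["access_secret"]

def build_parser():
    parser = argparse.ArgumentParser(description="S3 client (example)")
    sub = parser.add_subparsers(dest="command", required=True)
    for name, (_, arg_names) in COMMANDS.items():
        cmd = sub.add_parser(name)
        for arg in arg_names:
            cmd.add_argument(arg)
    return parser

def main(argv=None, env=os.environ, path="~/.s3client.ini"):
    ns = build_parser().parse_args(argv)  # unknown commands exit with status 2
    func, arg_names = COMMANDS[ns.command]
    creds = load_credentials(env, path)
    return func(creds, *(getattr(ns, a) for a in arg_names))

if __name__ == "__main__":
    print(main())
```

Because argparse only knows the subcommands listed in COMMANDS, a name that is not on the list is rejected before any function lookup happens, and each command accepts exactly the arguments declared for it.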


The Boto package


We've discussed working directly with the S3 REST API, and this has given us some
useful techniques that will allow us to program against similar APIs in the future.
In many cases, this will be the only way in which we can interact with a web API.


However, some APIs, including AWS, have ready-to-use packages which expose the
functionality of the service without having to deal with the complexities of the HTTP
API. These packages generally make the code cleaner and simpler, and they should
be preferred for doing production work if they're available.


The AWS package is called Boto. We will take a very quick look at the Boto package
to see how it can provide some of the functionality that we wrote earlier.


The boto package is available on PyPI, so we can install it with pip:


$ pip install boto
Downloading/unpacking boto
...


Now, fire up a Python shell and let's try it out. We need to connect to the service first:





import boto
conn = boto.connect_s3('', '')





You'll need to replace the two empty string arguments with your access ID and
access secret. Now, let's create a bucket:





conn.create_bucket('mybucket.example.com')



