The AWS CloudFront helps you to perform various tasks including retrieving data. To do that, you need a Python library named boto3. This library allows you to interact with resources in AWS with the help of Python code. One more thing to consider while using boto3 to connect to AWS resources is selecting the right AWS profile. 

In this article, we have covered 4 easy methods on how to choose an AWS profile when using boto3 to connect to CloudFront. 

What is an AWS Profile?

An AWS profile is the name of various credentials that enable you to access AWS resources. Now to access AWS credentials you need an access key and a secret access key. These keys are used to authenticate your request to access AWS resources. You can access and manage AWS profiles using the AWS Console Management and AWS CLI (Command Line Interfaces) with boto3. 

At the time of creating an AWS profile specify the secret key and access key that is associated with the profile of the credential. Plus, you can specify other settings like output format and default region. 

If you are looking for diwfferent> ways to do REST API Versioning in API Gateway then our blog will help you. 

Why it is important to select the right AWS Profile?

There are many reasons to select the right AWS profile. First and foremost, the right choice of AWS profile makes sure that you have all the required permissions to >know and access the AWS resources. Secondly, you can control the cost of AWS resource access if you specify the credential you want to select for each request. And lastly, it enables you to manage the access to the resources of AWS across multiple apps and users. 

How to select an AWS Profile for CloudFront

At the time of selecting boto3 to connect to CloudFront, you can select an AWS profile in many ways. The following are the 4 easiest methods.

Method 1: Use code to specify the profile

You can create a Session object and pass the profile name to the profile_name parameter by ussing your Python code. This will help you specify the AWS profile. 

Here, we have created a Session object and describe your profile name as my_profile. After this you need to create a client object as cloudfront using the method client of the Session object. 

Method 2: Use of Environment Variables

This is the second method you can use to select the AWS profile by setting the AWS_PROFILE as environment variable. 

This example signifies that we have set the environment variable AWS_PROFILE as the my_profile. Any further subsequent calls to boto3 will be using this profile. 

Method 3: Use the default profile

In case you have not specified a profile name, you can use boto3 as default profile. You can see the default profile in the ~/.aws/config file. 

Here, we have set the default profile to us-west-2 and json output format. In case you have not specified any profile name in your code or used environment variables, the default profile will be boto3. 

Method: Use IAM Roles

Finally, you may access AWS resources using IAM roles without providing any passwords. When you need to utilize temporary credentials or don't want to keep them on your local machine, this is helpful.

You first need to create a boto3.Session object instance by using boto3.session.Session object to use IAM roles. After this you can use the sts client assuming an IAM role to get temporary credentials. 

In this example, a Session object is first created without a profile name. The client method of the Session object is then used to generate a new client object. To assume an IAM role and receive temporary credentials, we use this object. After that, we use the temporary credentials to construct a cloudfront client object.