Skip to main content
BackAnt projects ship with a pre-built AWSClient wrapper in api/apis/aws/AWSClient.py. It wraps a boto3.Session and supports all three authentication methods: IAM credentials, AWS profiles, and ECS task role credentials.

AWSClient

Authentication methods

IAM credentials (from environment)

Set the S3 credentials in your .env:
Then instantiate with them from Environment.py:

ECS task role (production)

When running on ECS, leave credentials empty and boto3 picks up the task role automatically:
No credentials needed in .env — IAM permissions are attached to the ECS task definition.

AWS profile (local development)

Using AWS services

Call self.session.client() to get a service client:

S3

SES (email)

Cognito

Adding a new external API

To add a new third-party API (e.g. Stripe, Google, Twilio):
  1. Create a client wrapper in api/apis/<name>/:
  1. Instantiate it as a singleton and inject it into the service that needs it.
  2. Add any required credentials to Environment.py and .env.