Testing Python AWS calls with Moto

In my previous Writing Tests For Your Python Project, I started writing tests for my Python code but then ran out of options because I had completed all tests that didn’t involve calls to the AWS API. Now we’ll begin testing Python AWS calls with Moto. You can view some additional details about Moto in their documentation. You will want to also review the list of Implemented Services in the Moto documentation to make sure you the API endpoints and methods are supported. The good news is that there are very few unsupported methods. The bad news is that they do not support the describe_export_tasks for the logs endpoint and we use that in our code. Because of this not being supported we’ll not create a test for it in this example. ...

January 27, 2023 · 9 min · Scott

Exporting CloudWatch Logs to S3

I had to figure out how to get logs from CloudWatch into S3. This task is actually pretty easy because AWS provides a very nice tutorial, Exporting log data to Amazon S3, that explains how to do this either via Console or CLI. My problem is that I needed to do this daily so automating this task was my next struggle. The AWS tutorial provides details on setting up S3 and IAM for this solution so I won’t cover that here. I also found a great article by Omar Dulaimi that was the basis for my code (why completely reinvent the wheel?). With both of these laying the ground work, I got right to putting this together. ...

October 9, 2022 · 5 min · Scott

Checking and Correcting Permissions in Amazon Redshift

I needed to make sure I had two users in an Amazon Redshift cluster (readonly and readwrite). I needed to make sure their permissions were set appropriately so the first step was to first see what their permissions were on the schema and then the tables. First we check their schema permissions with the below query that makes use of the has_schema_privilege function: SELECT u.usename, s.schemaname, has_schema_privilege(u.usename,s.schemaname,'create') AS user_has_create_permission, has_schema_privilege(u.usename,s.schemaname,'usage') AS user_has_usage_permission FROM pg_user u CROSS JOIN (SELECT DISTINCT schemaname FROM pg_tables) s WHERE (u.usename = 'readonly' OR u.usename = 'readwrite') AND s.schemaname = 'public'; The query above filters on the specific users and schema I’m checking against. You are welcome to customize this query to look for all users and/or all schemas. This query results in the below permissions on the public schema for these users: ...

August 16, 2022 · 4 min · Scott