Need way to override client config when creating resource (for s3v4 sigs)

[mbarrien]

I would like a way to programatically force a resource to use s3v4 signatures when the endpoint config doesn't specify that the endpoint is using v4 signatures

When creating a resource as follows:

import boto3
resource = boto3.resource('s3')

... the boto3.session.resource() method hard codes a botocore.Client config at https://github.com/boto/boto3/blob/1.0.1/boto3/session.py#L264 to be passed into the client that's internally created for the resource.

The only way I can see to force v4 signatures is to set it inside the .aws/config file via the very under-documented aws configure set default.s3.signature_version s3v4 that I found in boto/botocore#377 .

I need v4 signatures in the context of creating presigned URLs in combination with server side key management via KMS. I try to use resource.meta.client.generate_presigned_url(). Yes I could create a separate client and force my own config within that client (since boto3.client() does allow a config argument, but that 1) creates inconsistency for v4 access for presigned URLs, v1 access otherwise, 2) requires me to have separate objects, thus repeating myself, and 3) still doesn't allow other client config within the resource that might be useful outside of the signature version, like actually accessing KMS encrypted objects using the API.

Is there any objection to adding a client argument to boto3.resource()/boto3.session.resource() or is this against some design principle of boto3?

[jamesls]

No objection, we just wanted to ensure there was a concrete use case for adding this, which we now have.

We'd need to figure out if we want to add a client argument or if we want to add config argument, similar to what we do for the client() method.

Marking as a feature request.

[dialt0ne]

+1 for this. I am trying to copy_object from a KMS encrypted bucket and need s3v4.