AWS Access

PynamoDB uses botocore to interact with the DynamoDB API. Thus, any method of configuration supported by botocore works with PynamoDB. For local development the use of environment variables such as AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY is probably preferable. You can of course use IAM users, as recommended by AWS. In addition EC2 roles will work as well and would be recommended when running on EC2.

As for the permissions granted via IAM, many tasks can be carried out by PynamoDB. So you should construct your policies as required, see the DynamoDB docs for more information.

If for some reason you can’t use conventional AWS configuration methods, you can set the credentials in the Model Meta class:

from pynamodb.models import Model

class MyModel(Model):
    class Meta:
        aws_access_key_id = 'my_access_key_id'
        aws_secret_access_key = 'my_secret_access_key'
        aws_session_token = 'my_session_token' # Optional, only for temporary credentials like those received when assuming a role

Finally, see the AWS CLI documentation for more details on how to pass credentials to botocore.