I'm seeking advice on the optimal way to set up AWS CLI, Boto3, and Botocore on Debian 13 EC2 instances. Previously, I installed awscli through an EC2 launch template using the command '/usr/bin/apt-get install awscli --assume-yes'. For Boto3 and Botocore, I implemented an Ansible playbook for installation using pip, but without pinned versions. I faced a compatibility issue because of a breaking change in the pip versions of Boto3 and Botocore, affecting the version of awscli taken from Debian 11's apt. To fix this, I updated the launch template to install awscli directly from the official zip file. Now, as I'm testing an upgrade to Debian 13, I'm encountering a roadblock with global pip installs, receiving an 'externally-managed-environment' error, and I'm advised to use venv instead. I'm considering moving the installation of Boto3 and Botocore to the EC2 launch template using apt with the command '/usr/bin/apt-get install awscli python3-boto3 python3-botocore --assume-yes'. This should ensure compatibility among all three packages, but I'm curious if there are any downsides or alternative methods I should consider.
4 Answers
I suggest launching a new EC2 instance with Debian 13, installing AWS CLI and your required packages there, and then creating a new AMI from that instance. This way, you can avoid using user-data scripts that take time to run every time you create a new instance from the launch template.
If your instances are long-running and you have many of them, Ansible might be your best bet. It allows you to manage installations by specifying criteria like installed packages, versions, and files. Alternatively, you can consider using SSM documents, which could simplify the process further.
For vital packages, it’s a good practice to create your own base AMI. You can still rely on user-data, SSM, or other methods for everything else.
I’m not sure what the absolute best method is, but using venv can also work well. It creates a Python environment that's aware of your installed packages, allowing you to invoke Python and pip normally without needing to activate it every time. Here's a quick command setup you could use: 'python3 -m venv /usr/local/python-venv' and then install Boto3 directly in there.
That’s a solid idea! Plus, if you’re already using Ansible, consider using Packer to automate the image provisioning process.