HowTo: Debugging Amazon Web Services session-related applications (AWS CLI, Boto3) in Pycharm 

It’s not very hard to create an app or script in Python, which uses AWS infrastructure. We can implement it using the AWS CLI tool call from Python or Boto3 library. But because the calling of AWS functions is relying on a particular AWS-session, debugging it using a common IDE like Pycharm is not an obvious thing to make.

The particular problem is that the AWS session is encapsulated in a particular terminal session, and it’s not spread across different terminal sessions. So, If one got an already working session in the terminal, starting a debug process in Pycharm by default will create a new terminal session without an AWS session. 

The solution for this problem is to ease an AWS session creation in the particular terminal, and use Pycharm’s remote debugging functionality, which will allow using the particular terminal session.

1. AWS session creation 

To make an AWS session activation easier, one can use the bash script below:




IDENTITY_JSON=$(aws $ARGS sts get-caller-identity)

USER_JSON=$(aws $ARGS iam get-user)

ACCOUNT=$(echo "$IDENTITY_JSON" | jq -r '.Account')
IAMUSER=$(echo "$USER_JSON" | jq -r '.User.UserName')


echo -n "MFA for $MFA_ARN: " >&2
echo ""

SESSION_JSON=$(aws $ARGS sts get-session-token --serial-number "$MFA_ARN" --token-code "$MFA_TOKEN_CODE")
if [ $? != 0 ]; then
        exit 1

AWS_ACCESS_KEY_ID=$(echo "$SESSION_JSON" | jq -r '.Credentials.AccessKeyId')
AWS_SESSION_TOKEN="$(echo "$SESSION_JSON" | jq -r '.Credentials.SessionToken')"
AWS_SECRET_ACCESS_KEY=$(echo "$SESSION_JSON" | jq -r '.Credentials.SecretAccessKey')


echo "--- ACTIVATED ---"

Copy it to the file and run ‘source script file’. The script will ask to enter an MFA token and if it succeeds with the authorisation, it will create a session in the terminal.

2. Setting up Pycharm remote debugger

a. Enter “Edit Configurations…” menu, where one is choosing what to run.

b. Create (+) new configuration of “Python Remote Debug” type

Here you will see the Hostname and Port parameters, while the Hostname is better to leave as ‘localhost’, it’s better to change Port to something particular. For this example, I’ll use 5255 port.

After changing the port number, in the upper field one will see the command which should be used to connect to the Debug server. Like:

import pydevd_pycharm
pydevd_pycharm.settrace(‘localhost’, port=5525, stdoutToServer=True, stderrToServer=True)

This call can be wrapped up in try-except statements and should be added as the first call in the script. 

3. Starting the debugger with AWS session 

When you run Pycharm with Remote debugging configuration, it opens the server on a mentioned Port, and waiting till any client (as a python script) will connect to this port. 

When the script is connected to a remote debugger, the debugger will take care of running the script further, manage breakpoints, see variables, etc. But it will be used in the terminal’s context, where the client script is engaged.

a. In the terminal session, create an AWS session, using the script mentioned in the 1st step. One can use a terminal inside Pycharm

b. Start the Remote debugger configuration in Pycharm configured in the 2nd step.c. In the terminal with an active session run the pre-configured in the 2nd step python script, using default run, like “python”

d. The script will automatically connect to the Pycharm debugger server and one can debug the script which will be run in existing AWS session

And that’s it!

Leave a Reply