botocore

1.42.77 verified Tue May 12 auth: no python install: verified quickstart: verified

botocore is the low-level, data-driven core of boto3 and the AWS CLI, providing a direct interface to Amazon Web Services APIs. It handles request signing (AWS Signature Version 4), credential resolution, retry logic, pagination, and service model loading. Current version is 1.42.77, released by Amazon Web Services. Releases are extremely frequent — often multiple times per week — tracking new and updated AWS service APIs. Most users interact with botocore indirectly via boto3, but direct use is common for fine-grained control, event hooks, custom credential providers, and low-overhead Lambda code.

pip install botocore

Common errors

error botocore.exceptions.NoCredentialsError: Unable to locate credentials ↓

cause The botocore library cannot find valid AWS credentials in any of the expected locations, such as environment variables, shared credentials file (`~/.aws/credentials`), or an attached IAM role.

fix

Configure AWS credentials by running aws configure via the AWS CLI, setting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and optionally AWS_SESSION_TOKEN environment variables, or ensuring an appropriate IAM role is assigned to your AWS compute resource (e.g., EC2, Lambda).

error botocore.exceptions.ClientError: An error occurred (InvalidClientTokenId) when calling the [Operation] operation: The security token included in the request is invalid. ↓

cause AWS received the request but rejected the provided security token because it is expired, incorrect, deactivated, or there is a clock skew between your system and AWS servers.

fix

Verify your AWS access key ID and secret access key are correct and active, refresh temporary credentials if using them (e.g., from AWS STS or SSO), ensure your system's clock is synchronized, and check for conflicting credential sources or cached tokens.

error botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL ↓

cause The botocore library failed to establish a network connection to the AWS service endpoint, often due to network issues, incorrect AWS region configuration, DNS problems, or proxy settings.

fix

Check your network connectivity, ensure the AWS region configured in your code or environment (e.g., AWS_DEFAULT_REGION) matches the target service, verify proxy settings if applicable, and confirm proper DNS resolution for the endpoint.

error botocore.exceptions.ParamValidationError: Parameter validation failed: Missing required parameter in input: "ParameterName" ↓

cause An AWS API call was made with missing required parameters or parameters of the wrong data type or format, according to the specific AWS service's API model.

fix

Consult the official Boto3/botocore documentation for the specific AWS service and operation you are calling to ensure all required parameters are provided with the correct types and values.

error botocore.exceptions.EndpointConnectionError: Could not connect to the endpoint URL: "https://..." ↓

cause The client failed to establish a connection to the specified AWS service endpoint, often due to network issues, an incorrect endpoint URL, or firewall restrictions.

fix

Check network connectivity, verify the AWS region and service endpoint URL are correct, confirm any proxy settings are configured properly, or examine firewall rules that might be blocking the connection.

Warnings

breaking Python 3.9 support ends 2026-04-29. After that date botocore will require Python 3.10+. Plan runtime upgrades now, especially for AWS Lambda functions still on the Python 3.9 runtime. ↓

fix Upgrade to Python 3.10 or later before 2026-04-29. Lambda: migrate function runtime to python3.10 or higher.

breaking botocore.vendored.requests and botocore.vendored.requests.packages.urllib3 were removed. Any import from botocore.vendored.* raises ImportError at runtime. ↓

fix Replace `from botocore.vendored.requests.exceptions import ...` with `from botocore.exceptions import ClientError` (and other classes from botocore.exceptions). Import requests/urllib3 exceptions directly from those packages if needed.

breaking The old Service/Operation object interface (session.get_service(), service.get_operation()) was fully removed. Only the client interface is supported. ↓

fix Use `session.create_client('service_name')` and call operations as methods on the client object (e.g., `client.describe_instances()`). All kwargs must be CamelCase — the old snake_case auto-mapping is gone.

breaking The event system emits events keyed by service_id (hyphenated), not by endpoint prefix. Handlers registered against e.g. `before-call.autoscaling` may silently stop firing or start firing for unintended services when endpoint prefixes are shared. ↓

fix Derive the correct event name at runtime: `client.meta.service_model.service_id.hyphenize()`, then register your handler against `before-call.<hyphenized-service-id>`.

gotcha All AWS service exceptions are raised as `ClientError`, not as typed subclasses. You cannot catch service-specific errors by exception type alone — you must inspect `e.response['Error']['Code']` (a string) to branch on specific error codes. ↓

fix Always check `e.response['Error']['Code']` inside an `except ClientError` block. Do not rely on HTTP status codes or exception message strings, which are subject to change.

gotcha urllib3 v2 is only supported on Python 3.10+. On Python 3.9, botocore pins urllib3<1.27, which conflicts with packages that require urllib3>=2. Installing both in the same environment silently pins you to the older urllib3 or raises a ResolutionImpossible error. ↓

fix On Python 3.9 environments, pin urllib3<2 explicitly in your requirements. Prefer upgrading to Python 3.10+ where botocore supports urllib3 v2.

gotcha Credentials are resolved lazily at first API call, not at client creation. Missing or expired credentials raise `NoCredentialsError` or `ClientError` (ExpiredTokenException) only when a request is made, making silent misconfiguration easy to overlook during startup. ↓

fix Validate credentials eagerly in application startup via `session.get_credentials()` and check the result is not None, or make a cheap test call (e.g., `sts.get_caller_identity()`) to fail fast.

Install

pip install boto3

Install compatibility verified last tested: 2026-05-12

python os / libc variant status wheel install import disk

3.10 alpine (musl) boto3 - - 0.53s 50.3M

3.10 alpine (musl) botocore - - 0.53s 48.1M

3.10 slim (glibc) boto3 - - 0.41s 51M

3.10 slim (glibc) botocore - - 0.41s 49M

3.11 alpine (musl) boto3 - - 0.76s 53.2M

3.11 alpine (musl) botocore - - 0.76s 50.9M

3.11 slim (glibc) boto3 - - 0.64s 54M

3.11 slim (glibc) botocore - - 0.65s 51M

3.12 alpine (musl) boto3 - - 0.65s 44.9M

3.12 alpine (musl) botocore - - 0.65s 42.5M

3.12 slim (glibc) boto3 - - 0.65s 45M

3.12 slim (glibc) botocore - - 0.65s 43M

3.13 alpine (musl) boto3 - - 0.63s 44.5M

3.13 alpine (musl) botocore - - 0.61s 42.2M

3.13 slim (glibc) boto3 - - 0.63s 45M

3.13 slim (glibc) botocore - - 0.65s 43M

3.9 alpine (musl) boto3 - - 0.43s 49.8M

3.9 alpine (musl) botocore - - 0.43s 47.6M

3.9 slim (glibc) boto3 - - 0.39s 50M

3.9 slim (glibc) botocore - - 0.39s 48M

Imports

get_session
wrong
```
import botocore; botocore.session()
```
correct
```
import botocore.session; session = botocore.session.get_session()
```
The top-level `botocore` namespace does not expose session or client constructors directly. Always import `botocore.session` and call `get_session()`.
ClientError
wrong
```
from botocore.vendored.requests.exceptions import ...
```
correct
```
from botocore.exceptions import ClientError
```
All vendored requests/urllib3 exception imports (botocore.vendored.*) were removed. Use botocore.exceptions for all exception classes.
BotoCoreError
```
from botocore.exceptions import BotoCoreError
```
Base class for all client-side botocore errors (config, validation, connectivity). Catch alongside ClientError for complete coverage.
Config
```
from botocore.config import Config
```
Used to configure retries, timeouts, signature version, addressing style, and other per-client options passed via session.create_client(..., config=Config(...)).
Session (low-level)
```
import botocore.session; s = botocore.session.Session()
```
botocore.session.Session is the raw low-level session. boto3.session.Session wraps it and is the preferred interface for most users.

Quickstart verified last tested: 2026-04-23

Create a botocore session, build an S3 client using environment-variable credentials, and handle errors idiomatically by inspecting the structured error response.

import os
import botocore.session
from botocore.config import Config
from botocore.exceptions import ClientError, BotoCoreError

# Build session — credentials resolved from env, ~/.aws/credentials, or IAM role
session = botocore.session.get_session()

client = session.create_client(
    's3',
    region_name=os.environ.get('AWS_DEFAULT_REGION', 'us-east-1'),
    aws_access_key_id=os.environ.get('AWS_ACCESS_KEY_ID', ''),
    aws_secret_access_key=os.environ.get('AWS_SECRET_ACCESS_KEY', ''),
    config=Config(
        retries={'max_attempts': 5, 'mode': 'adaptive'},
        connect_timeout=5,
        read_timeout=10,
    ),
)

try:
    response = client.list_buckets()
    for bucket in response.get('Buckets', []):
        print(bucket['Name'])
except ClientError as e:
    # AWS service-side error — inspect the structured code, NOT the string message
    code = e.response['Error']['Code']
    msg  = e.response['Error']['Message']
    print(f'AWS error [{code}]: {msg}')
    if code == 'AccessDenied':
        raise PermissionError('Check IAM permissions') from e
except BotoCoreError as e:
    # Client-side error (bad config, network, credential resolution)
    print(f'botocore client error: {e}')
    raise