Connect Streamlit to AWS S3

Introduction

This guide explains how to securely access files on AWS S3 from Streamlit Community Cloud. It uses the s3fs library and Streamlit's secrets management.

Create an S3 bucket and add a file

push_pin

Note

If you already have a bucket that you want to use, feel free to skip to the next step.

First, sign up for AWS or log in. Go to the S3 console and create a new bucket:

AWS screenshot 1
AWS screenshot 2

Navigate to the upload section of your new bucket:

AWS screenshot 3
AWS screenshot 4

And note down the "AWS Region" for later. In this example, it's us-east-1, but it may differ for you.

Next, upload the following CSV file, which contains some example data:

myfile.csv

Create access keys

Go to the AWS console, create access keys as shown below and copy the "Access Key ID" and "Secret Access Key":

AWS screenshot 5
AWS screenshot 6
star

Tip

Access keys created as a root user have wide-ranging permissions. In order to make your AWS account more secure, you should consider creating an IAM account with restricted permissions and using its access keys. More information here.

Add the key to your local app secrets

Your local Streamlit app will read secrets from a file .streamlit/secrets.toml in your app's root directory. Create this file if it doesn't exist yet and add to it the access key ID, access key secret, and the AWS default region you noted down earlier, as shown below:

# .streamlit/secrets.toml
AWS_ACCESS_KEY_ID = "xxx"
AWS_SECRET_ACCESS_KEY = "xxx"
AWS_DEFAULT_REGION = "xxx"
priority_high

Important

Be sure to replace xxx above with the values you noted down earlier, and add this file to .gitignore so you don't commit it to your GitHub repo!

Copy your app secrets to the cloud

As the secrets.toml file above is not committed to GitHub, you need to pass its content to your deployed app (on Streamlit Community Cloud) separately. Go to the app dashboard and in the app's dropdown menu, click on Edit Secrets. Copy the content of secrets.toml into the text area. More information is available at Secrets Management.

Secrets manager screenshot

Add s3fs to your requirements file

Add the s3fs package to your requirements.txt file, preferably pinning its version (replace x.x.x with the version you want installed):

# requirements.txt
s3fs==x.x.x

Write your Streamlit app

Copy the code below to your Streamlit app and run it. Make sure to adapt the name of your bucket and file. Note that Streamlit automatically turns the access keys from your secrets file into environment variables, where s3fs searches for them by default.

# streamlit_app.py

import streamlit as st
import s3fs
import os

# Create connection object.
# `anon=False` means not anonymous, i.e. it uses access keys to pull data.
fs = s3fs.S3FileSystem(anon=False)

# Retrieve file contents.
# Uses st.cache_data to only rerun when the query changes or after 10 min.
@st.cache_data(ttl=600)
def read_file(filename):
    with fs.open(filename) as f:
        return f.read().decode("utf-8")

content = read_file("testbucket-jrieke/myfile.csv")

# Print results.
for line in content.strip().split("\n"):
    name, pet = line.split(",")
    st.write(f"{name} has a :{pet}:")

See st.cache_data above? Without it, Streamlit would run the query every time the app reruns (e.g. on a widget interaction). With st.cache_data, it only runs when the query changes or after 10 minutes (that's what ttl is for). Watch out: If your database updates more frequently, you should adapt ttl or remove caching so viewers always see the latest data. Learn more in Caching.

If everything worked out (and you used the example file given above), your app should look like this:

Finished app screenshot

Was this page helpful?

editSuggest edits
forum

Still have questions?

Our forums are full of helpful information and Streamlit experts.

Previous: Connect to data sourcesNext: BigQuery