The module is an easy way to build a user database on top of AWS SimpleDB. It is designed a very lightweight implementation of user/password authentication for cloud based services.

This makes it trivial to use in AWS projects that require authentication, for example web services, Lambda, etc.

• Simple interface to add, edit or authenticate users.
• Built in ability to disable or expire users.
• Passwords stored using bcrypt for sensible security.
• Resistance to timing attacks.
• Custom data can be stored per-user (see notes).

Install the latest version from pip:

pip install simpledb_userdb

The following example:

• initialises the module
• adds a user
• adds a role for the user (an arbitrary text string)
• updates the users password
• performs a number of authentication attempts

from simpledb_userdb import UserDatabase

db = UserDatabase()
if db.connect("eu-west-1", "myapp_users"):

    # Add the user and add roles
    db.create_user("alice", "l0vecrypt0!")
    db.add_user_role("alice", "administrator")
    db.add_user_role("alice", "user")

    # This should return success
    print(db.authenticate("alice", "l0vecrypt0!"))

    # This is the wrong password
    print(db.authenticate("alice", "p4ssw0rd!"))

    # Change Alice's password, only the updated attributes
    # need to be passed.
    db.update_user("alice", password="p4ssw0rd!")

    # This user doesn't exist
    print(db.authenticate("bob", "h4cks"))

To cleanup:

db = UserDatabase()
if db.connect("eu-west-1", "myapp_users"):
    # Warning: cannot be undone!
    db.delete_db()

See the documentation for further options.

Information stored per user is purposefully minimal, for example there is no field for name, email or last IP. This is a design choice to keep the API simple and reduce the amount of personal data in the backend. An email address can be used as the username if desired, and other details can be stored as extra data in the user object.

Additional data can be stored for a user as a Python dict, which is serialised to JSON for the database. These attributes cannot be searched and SimpleDB will charge for storage space.

Credentials for AWS are typically required (except for Lambda). The module contains no mechanism to authenticate with AWS, please provide credentials in a file or environment variable (see the Boto 3 docs).