The 2 different classes are about different levels of abstraction.
- Client classes are low level wrappers around each API action. ie. AuthorizeSecurityGroupIngress
- Resource classes are object oriented, you instantiate an object to represent the group and interact with it that way. It provides a higher level of abstraction that decouples you from the individual API calls and provides some persistence
to show the difference, lets create a security group and open port 80 to the internet.
with client
ec2 = boto3.client('ec2')
response = ec2.create_security_group(GroupName='testgroup2',Description='testme')
ec2.authorize_security_group_ingress(GroupId=response['GroupId'],IpProtocol="tcp",CidrIp="0.0.0.0/0",FromPort=80,ToPort=80)
with resource:
ec2 = boto3.resource('ec2')
mysg = ec2.create_security_group(GroupName="testgroup",Description='testme')
mysg.authorize_ingress(IpProtocol="tcp",CidrIp="0.0.0.0/0",FromPort=80,ToPort=80)
The key difference here is that resource object eliminates the need for a "response" variable and takes care of remembering the Security group for later use. It doesn't seem like a big difference but it makes your code cleaner and more object oriented
see the boto docs: https://boto3.readthedocs.org/en/latest/guide/resources.html for more detail on them.