ray-project · aslonnie · Oct 20, 2025 · Oct 20, 2025 · cursor · Oct 20, 2025
diff --git a/.buildkite/data.rayci.yml b/.buildkite/data.rayci.yml
@@ -291,7 +291,6 @@ steps:
       - skip-on-premerge
     instance_type: medium
     commands:
-      - pip install -U boto3==1.28.70 awscli==1.29.70
       - $(python ci/env/setup_credentials.py)
       - bazel run //ci/ray_ci:test_in_docker -- //python/ray/data/... data
         --build-name datalbuild

diff --git a/.buildkite/ml.rayci.yml b/.buildkite/ml.rayci.yml
@@ -157,7 +157,6 @@ steps:
       - oss
     instance_type: medium
     commands:
-      - pip install -U boto3==1.28.70 awscli==1.29.70
       - $(python ci/env/setup_credentials.py)
       - bazel run //ci/ray_ci:test_in_docker -- //python/ray/train/... ml
         --parallelism-per-worker 3
@@ -295,7 +294,6 @@ steps:
       - oss
     instance_type: medium
     commands:
-      - pip install -U boto3==1.28.70 awscli==1.29.70
       - $(python ci/env/setup_credentials.py)
       - bazel run //ci/ray_ci:test_in_docker -- //... ml --run-flaky-tests
         --parallelism-per-worker 3

diff --git a/ci/env/setup_credentials.py b/ci/env/setup_credentials.py
@@ -8,19 +8,30 @@
 export COMET_API_KEY=efgh
 """
 import json
+import subprocess
 import sys
 
-import boto3
-
 AWS_AIR_SECRETS_ARN = (
     "arn:aws:secretsmanager:us-west-2:029272617770:secret:"
     "oss-ci/ray-air-test-secrets20221014164754935800000002-UONblX"
 )
 
 
-def get_ray_air_secrets(client):
-    raw_string = client.get_secret_value(SecretId=AWS_AIR_SECRETS_ARN)["SecretString"]
-    return json.loads(raw_string)
+def get_ray_air_secrets():
+    output = subprocess.check_output(
+        [
+            "aws",
+            "secretsmanager",
+            "get-secret-value",
+            "--region",
+            "us-west-2",
+            "--secret-id",
+            AWS_AIR_SECRETS_ARN,
+        ]
+    )
+
+    parsed_output = json.loads(output)
+    return json.loads(parsed_output["SecretString"])
 
 
 SERVICES = {
@@ -36,10 +47,8 @@ def get_ray_air_secrets(client):
 
 
 def main():
-
     try:
-        client = boto3.client("secretsmanager", region_name="us-west-2")
-        ray_air_secrets = get_ray_air_secrets(client)
+        ray_air_secrets = get_ray_air_secrets()
     except Exception as e:
         print(f"Could not get Ray AIR secrets: {e}")
         sys.exit(1)
-    try:
-        client = boto3.client("secretsmanager", region_name="us-west-2")
-        ray_air_secrets = get_ray_air_secrets(client)
-        ray_air_secrets = get_ray_air_secrets()
-    except Exception as e:
-        print(f"Could not get Ray AIR secrets: {e}")
-        sys.exit(1)
+    try:
+        ray_air_secrets = get_ray_air_secrets()
+    except (subprocess.CalledProcessError, FileNotFoundError) as e:
+        print(f"Error executing aws-cli command: {e}", file=sys.stderr)
+        sys.exit(1)
+    except (json.JSONDecodeError, KeyError) as e:
+        print(f"Error parsing secrets from aws-cli output: {e}", file=sys.stderr)
+        sys.exit(1)
-    try:
-        client = boto3.client("secretsmanager", region_name="us-west-2")
-        ray_air_secrets = get_ray_air_secrets(client)
-        ray_air_secrets = get_ray_air_secrets()
-    except Exception as e:
-        print(f"Could not get Ray AIR secrets: {e}")
-        sys.exit(1)
+    try:
+        ray_air_secrets = get_ray_air_secrets()
+    except (subprocess.CalledProcessError, FileNotFoundError) as e:
+        print(f"Error executing aws-cli command: {e}", file=sys.stderr)
+        sys.exit(1)
+    except (json.JSONDecodeError, KeyError) as e:
+        print(f"Error parsing secrets from aws-cli output: {e}", file=sys.stderr)
+        sys.exit(1)