Underlying (and useful) exception details are hidden
This has bitten me numerous times!
All of the following instances catch ClientError from botocore and re-raise a new generic (and remarkably useless by comparison) exception:
key_providers.kms._generate_data_key:L213key_providers.kms._encrypt_data_key:L250key_providers.kms._decrypt_data_key:L283
I believe a different approach should be taken here to prevent hiding botocore Client exception details (network connectivity, insufficient permissions, etc).