Reputation: 4958
How to set credentials on AWS SDK on NET Core?
I'm new to AWS SDK and I'm trying to follow the AWS documentation, but gives little to none on what exactly I need to setup.
The official docs tell me to add this to the appsettings.json:
{
"AWS": {
"Profile": "local-test-profile",
"Region": "us-west-2"
}
}
And then create the client:
var options = Configuration.GetAWSOptions();
IAmazonS3 client = options.CreateServiceClient<IAmazonS3>();
This causes an exception to be thrown saying it cannot find the credentials. Where do I put the Api ID and Key? What is this profile?
Please, bear in mind I have no preferences on how to set this up. I'm just trying to follow the official documentation for .NET Core, and their only example doesn't work. The docs seem to imply I should have prior knowledge of many of their terms and settings or that I'm migrating an existing app and already have everything setup.
Can someone please point me to what is missing from this example just to make the API correctly connect to AWS?
Upvotes: 52
Views: 52521
Answers (5)
Reputation: 7049
AWS SDK for .NET uses following order to load credentials:
1. AWSOptions.Credentials property
AWSOptions awsOptions = new AWSOptions
{
Credentials = new BasicAWSCredentials("yourAccessKey", "yourAccessSecret")
};
builder.Services.AddDefaultAWSOptions(awsOptions);
2. AWSOptions.Profile property
AWSOptions awsOptions = new AWSOptions
{
Profile = "custom",
ProfilesLocation = @"c:\temp\credentials"
};
builder.Services.AddDefaultAWSOptions(awsOptions);
If the profile location is not specified, it will look at the default location C:\Users\.aws\credentials.
3. Credential Profile Store Chain
If both AWSOptions.Credentials and AWSOptions.Profile are not supplied or AWSOptions object itself is null. In this case, credential profile name will be loaded from the environment variable AWS_PROFILE.
- Profile Name: If there is no such
AWS_PROFILEenvironment variable, thendefaultwill be used as a profile name. - Profile Location:
C:\Users\.aws\credentials
4. Environment Variables AWS Credentials
If SDK still hasn't got the credentials, then it checks for the following environment variables to load the AWS credentials.
ENVIRONMENT_VARIABLE_ACCESSKEY = "AWS_ACCESS_KEY_ID";
ENVIRONMENT_VARIABLE_SECRETKEY = "AWS_SECRET_ACCESS_KEY";
ENVIRONMENT_VARIABLE_SESSION_TOKEN = "AWS_SESSION_TOKEN";
5. EC2 Instance Profile / ECS Task Profile
Finally, this is the most important place where the SDK looks for the credentials. This would be the best place for the applications that are running in the AWS environment. In this case, SDK loads the AWS credentials from the EC2 instance profile or ECS task role.
I have also written a blog on the same topic, you can checkout that from here - Understanding Credential Loading in AWS SDK for .NET
Upvotes: 32
Reputation: 427
This helps to avoid getting credentials from environment using the appsettings for development purpose
var awsOption = Configuration.GetAWSOptions();
awsOption.Credentials = new BasicAWSCredentials(Configuration["AWS:AccessKey"], Configuration["AWS:SecretKey"]);
services.AddDefaultAWSOptions(awsOption);
Upvotes: 18
Reputation: 7285
Maybe this is too late for you but if you are using docker or have some other environment/setup where it's not possible/easy to use AWS profiles then you can still use environment vars. Eg:
var awsOptions = Configuration.GetAWSOptions();
awsOptions.Credentials = new EnvironmentVariablesAWSCredentials();
services.AddDefaultAWSOptions(awsOptions);
services.AddAWSService<IAmazonS3>();
Then set AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY & AWS_REGION in your environment.
It seems that Amazon have made this harder to find in the docs than it needs to be.
Running in AWS for reals is ok because you should be using a role but if your using docker for dev then setting up a profile in the container is a PITA.
Upvotes: 58
Reputation: 1070
The json file is $"appsettings.{env.EnvironmentName}.json", so you should call it appsettings.Development.json and have the environment variable set.
Did you define your"local-test-profile" profile in the AWS credentials file.
Should be in C:\Users\{USERNAME}\.aws\credentials
[local-test-profile]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key
If you don't want it in the default location, you can set the 'ProfilesLocation' json config file.
Upvotes: 25
Reputation: 2552
Same documentation also includes a section for setting up the credentials. Check it out here http://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html
It doesn't give an example of setting up the credentials using the appSettings.json file because they don't think it's the right (secure) way to do it.
Here is from the introduction part of the section about setting up the credentials:
Don't put literal access keys in your application, including the project's App.config or Web.config file. If you do, you create a risk of accidentally exposing your credentials if, for example, you upload the project to a public repository.
Upvotes: -2
Related Questions
- AWS SDK Configuration with Environmental Variables & Dependency Injection .NET Core
- How to specify AWS credentials in C# .NET core console program
- How to set AWS credentials with .net Core
- .NET Core 3.x setting development AWS credentials
- Can not find credentials in AWS .NET SDK
- AWS SDK for dot net core app to use AWS AppConfig
- aws sdk for .net ec2 "Unable to reach credentials server"
- AWS Secret Manager with .Net Core throws socket exception
- Net Core 2.0 AmazonServiceException: Unable to find credentials
- How to specify AWS credentitals for .NET AWS SDK