Reputation:
How to manage IAM User Secret Keys in Django
I have a Django project (deployed on AWS Elastic Beanstalk) that uses several AWS services (SES, S3, etc.) through an IAM user. I am wondering what the best way to store this IAM user's credentials in the Django project is.
I have thought of a few approaches and have a few questions for each:
- Make a
.envfile with the credentials. Can this be hacked though? Is this the most secure way? - Use
Amazon Secrets Managerto create a secret with the credentials. I tried this, but then realized that you need to supply credentials to use it (😅).
Is there a better method? What would you recommend?
Upvotes: 1
Views: 585
Answers (1)
Reputation: 78573
Don't use IAM user credentials on AWS compute services (EC2, Elastic Beanstalk, Lambda, etc.)
Instead, use an IAM role. See Managing Elastic Beanstalk instance profiles.
Per What is the difference between an IAM role and an IAM user?
An IAM user has permanent long-term credentials and is used to directly interact with AWS services. IAM roles are meant to be assumed by authorized entities, such as applications ...
Upvotes: 1
Related Questions
- Django + AWS Secret Manager Password Rotation
- Django: how to use AWS access key without revealing it in source code
- creating iam user and aws secrets via iam:passrole
- Allow AWS users to create their own first access key
- Storing AWS IAM keys
- Using IAM for user authentication
- Handling Secret Keys when deploying Flask app on AWS
- How to secure IAM access key with MFA?
- AWS IAM : change Access Key Id the from root to IAM
- How can I protect my AWS access id and secret key in my python application