Alexandra Gamez

Reputation: 1

How to use AWS Secret Manager and SES AND IAM roles/users in my .NET application

This is a basic send email application. Setting up the IAM user roles, and Secret Manager (consuming secrets from the SDK) is the hard part. I need to be able to do this both by developing locally and from the AWS pipeline/container environment. Trying to figure out what is best practice and what that would look like.

I set up the credentials file to access AccessKeyId and SecretKey. These are long-term credentials discouraged by documentation.

I added keys to appsettings. Also discouraged by documentation.

I implemented SecretManager from the SDK but I need to create an IAM role. I can't do this directly so I'm asking security to do this. I should have the role shortly.

My question is, is Secret Manager the way to do it and how will the IAM role work? Or am I overthinking it?

Upvotes: 0

Views: 279

Answers (1)

ItDepends

Reputation: 66

I need to be able to do this both by developing locally and from the AWS pipeline/container environment.

For local development, defining the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env-vars (or having their equivalents in the ~/.aws/credentials file) is fine.

is Secret Manager the way to do it and how will the IAM role work?

Yes. For your 'pipeline/container' environment (assuming this is an EC2 instance) it is a good idea to access Secrets Manager via an IAM role (and not via specifying AccessKeyId and SecretKeyId in your application code). You just add the IAM role and Account ID in the resource permission section when you create your secret:

{
  "Version" : "2012-10-17",
  "Statement" : [ {
    "Effect" : "Allow",
    "Principal" : {
      "AWS" : "arn:aws:iam::<Account-ID>:role/<IAM Role>"
    },
    "Action" : [ "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret" ],
    "Resource" : "*"
  } ]
}

If the EC2 instance your app is deployed in has this IAM role attached to it, your app will be able to access Secrets Manager.

See the official Secrets Manager documentation. To understand more about the different AWS credentials, see the second answer here.

Upvotes: 0
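The point of the answer above is that application code never holds an access key: the AWS SDK for .NET resolves credentials itself through its default provider chain, so the same code picks up environment variables or ~/.aws/credentials on a developer machine and the attached IAM role on EC2/ECS. The following is an added example written for this page, not code from the question, the answer, or AWS. It assumes the NuGet packages AWSSDK.SecretsManager and AWSSDK.SimpleEmail, a secret with the placeholder name my-app/ses-config that stores a JSON document with FromAddress and ToAddress fields, and a hypothetical region choice of us-east-1; the SesSettings, SecretLoader and Program names are this example's own.

```csharp
// Added example, not from the original post: read SES settings from Secrets Manager
// and send one email, relying on the SDK's default credential provider chain.
// Assumed NuGet packages: AWSSDK.SecretsManager, AWSSDK.SimpleEmail.
using System;
using System.Collections.Generic;
using System.Text.Json;
using System.Threading.Tasks;
using Amazon;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Model;
using Amazon.SimpleEmail;
using Amazon.SimpleEmail.Model;

// Shape of the JSON stored in the secret (assumed layout for this example).
public sealed class SesSettings
{
    public string FromAddress { get; set; } = "";
    public string ToAddress { get; set; } = "";
}

public static class SecretLoader
{
    // No AccessKeyId/SecretKey appears anywhere in this file. The client constructor
    // below takes only a region; credentials come from the default provider chain:
    //   - locally: AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY or ~/.aws/credentials
    //   - on EC2/ECS: the attached IAM role, obtained from the instance/task metadata endpoint
    public static async Task<SesSettings> LoadAsync(string secretId, RegionEndpoint region)
    {
        using var client = new AmazonSecretsManagerClient(region);

        var response = await client.GetSecretValueAsync(new GetSecretValueRequest
        {
            SecretId = secretId,
            VersionStage = "AWSCURRENT" // read the live version, not a rotation candidate
        });

        // Secrets can be binary; this app only understands a JSON string.
        if (response.SecretString is null)
            throw new InvalidOperationException($"Secret '{secretId}' has no string value.");

        return JsonSerializer.Deserialize<SesSettings>(response.SecretString)
               ?? throw new InvalidOperationException($"Secret '{secretId}' is not valid JSON.");
    }
}

public static class Program
{
    public static async Task Main()
    {
        var region = RegionEndpoint.USEast1;              // assumption: region where the secret lives
        const string secretId = "my-app/ses-config";      // placeholder secret name

        SesSettings settings = await SecretLoader.LoadAsync(secretId, region);

        // Same credential resolution applies to the SES client.
        using var ses = new AmazonSimpleEmailServiceClient(region);
        await ses.SendEmailAsync(new SendEmailRequest
        {
            Source = settings.FromAddress,
            Destination = new Destination { ToAddresses = new List<string> { settings.ToAddress } },
            Message = new Message
            {
                Subject = new Content("Hello from SES"),
                Body = new Body { Text = new Content("Sent with role-based credentials.") }
            }
        });

        Console.WriteLine("Email sent.");
    }
}
```

Run it locally with credentials in the environment or the credentials file, then deploy the same binary to an instance or task that has the role from the resource policy attached; nothing in the code changes between the two. The role's own identity policy only needs secretsmanager:GetSecretValue and secretsmanager:DescribeSecret on that one secret's ARN plus ses:SendEmail, which keeps the blast radius small if the instance is ever compromised, and every GetSecretValue call lands in CloudTrail under the role's session name so unexpected reads are visible.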
