52

I'm new to the AWS SDK and I'm trying to follow the AWS documentation, but it gives little to none on what exactly I need to set up.

The official docs tell me to add this to the appsettings.json:

{
  "AWS": {
    "Profile": "local-test-profile",
    "Region": "us-west-2"
  }
}

And then create the client:

var options = Configuration.GetAWSOptions();
IAmazonS3 client = options.CreateServiceClient<IAmazonS3>();

This causes an exception to be thrown saying it cannot find the credentials. Where do I put the Api ID and Key? What is this profile?

Please bear in mind I have no preferences on how to set this up. I'm just trying to follow the official documentation for .NET Core, and their only example doesn't work. The docs seem to imply I should have prior knowledge of many of their terms and settings or that I'm migrating an existing app and already have everything set up.

Can someone please point me to what is missing from this example just to make the API correctly connect to AWS?

1

5 Answers

58

Maybe this is too late for you, but if you are using docker or have some other environment/setup where it's not possible/easy to use AWS profiles then you can still use environment vars. E.g.:

var awsOptions = Configuration.GetAWSOptions();
awsOptions.Credentials = new EnvironmentVariablesAWSCredentials();
services.AddDefaultAWSOptions(awsOptions);
services.AddAWSService<IAmazonS3>();

Then set AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY & AWS_REGION in your environment.

It seems that Amazon have made this harder to find in the docs than it needs to be.

Running in AWS for reals is ok because you should be using a role, but if you're using docker for dev then setting up a profile in the container is a PITA.


7 Comments

This is a really helpful answer if you're not on windows, we're deploying to a non windows kubernetes cluster and this is the approach which seems to work best there.
I really want a single thing that will search all the possible places for credentials. The standard way does this but does not search the environment. Sad!
Yeah that would be great! Also the .net client almost assumes you are running it on windows and can use profiles, which is quite naive considering it's a PCL/.Net core compatible library
should mention that the extension method you're using here exists in the AWSSDK.Extensions.NETCore.Setup nuget package
@Jonesie what will happen if the key_id and access_key are changed while my application is running? How do I refresh them in my code to access s3?
32

The AWS SDK for .NET uses the following order to load credentials:

1. AWSOptions.Credentials property

AWSOptions awsOptions = new AWSOptions
{
    Credentials = new BasicAWSCredentials("yourAccessKey", "yourAccessSecret")
};
builder.Services.AddDefaultAWSOptions(awsOptions);

2. AWSOptions.Profile property

AWSOptions awsOptions = new AWSOptions
{
    Profile = "custom",
    ProfilesLocation = @"c:\temp\credentials"
};
builder.Services.AddDefaultAWSOptions(awsOptions);

If the profile location is not specified, it will look at the default location C:\Users\.aws\credentials.

3. Credential Profile Store Chain

If both AWSOptions.Credentials and AWSOptions.Profile are not supplied, or the AWSOptions object itself is null, then the credential profile name will be loaded from the environment variable AWS_PROFILE.

  • Profile Name: If there is no such AWS_PROFILE environment variable, then default will be used as a profile name.
  • Profile Location: C:\Users\.aws\credentials

4. Environment Variables AWS Credentials

If the SDK still hasn't got the credentials, then it checks the following environment variables to load the AWS credentials.

ENVIRONMENT_VARIABLE_ACCESSKEY = "AWS_ACCESS_KEY_ID";
ENVIRONMENT_VARIABLE_SECRETKEY = "AWS_SECRET_ACCESS_KEY";
ENVIRONMENT_VARIABLE_SESSION_TOKEN = "AWS_SESSION_TOKEN";

5. EC2 Instance Profile / ECS Task Profile

Finally, this is the most important place where the SDK looks for the credentials. This would be the best place for applications that are running in the AWS environment. In this case, the SDK loads the AWS credentials from the EC2 instance profile or ECS task role.

I have also written a blog post on the same topic; you can check it out here - Understanding Credential Loading in AWS SDK for .NET

1 Comment

This is a great post. I tried the first option but got an exception about missing Authentication Token.
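As an added example (not code from the answers above or from the AWS SDK itself), one way to wire up the lookup order described in this answer without putting keys in appsettings.json. `AwsCredentialSetup` and `Resolve` are hypothetical names; the sketch assumes the AWSSDK.Extensions.NETCore.Setup package and an `AWS` section in configuration like the one in the question.

```csharp
using System;
using System.Linq;
using Amazon.Extensions.NETCore.Setup;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Microsoft.Extensions.Configuration;

// Hypothetical helper: resolves credentials from locations that live outside
// the project tree and reports why a profile lookup failed.
public static class AwsCredentialSetup
{
    public static AWSOptions Resolve(IConfiguration configuration)
    {
        // Reads AWS:Profile, AWS:ProfilesLocation and AWS:Region from configuration.
        AWSOptions options = configuration.GetAWSOptions();

        // 1. Named profile from the shared credentials file.
        if (!string.IsNullOrEmpty(options.Profile))
        {
            var chain = new CredentialProfileStoreChain(options.ProfilesLocation);
            if (chain.TryGetAWSCredentials(options.Profile, out AWSCredentials fromProfile))
            {
                options.Credentials = fromProfile;
                return options;
            }

            // Log profile names and the OS user only, never key material.
            // The default file location depends on which user runs the process.
            string visible = string.Join(", ", chain.ListProfiles().Select(p => p.Name));
            Console.Error.WriteLine(
                $"AWS profile '{options.Profile}' not found for OS user " +
                $"'{Environment.UserName}'. Profiles visible: [{visible}]");
        }

        // 2. Environment variables (containers, CI). The constructor throws
        //    if AWS_SECRET_ACCESS_KEY is missing; AWS_SESSION_TOKEN is optional.
        if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID")))
        {
            options.Credentials = new EnvironmentVariablesAWSCredentials();
            return options;
        }

        // 3. Leave Credentials unset so the SDK's own lookup applies
        //    (EC2 instance profile / ECS task role when running in AWS).
        return options;
    }
}

// In ConfigureServices:
//   services.AddDefaultAWSOptions(AwsCredentialSetup.Resolve(Configuration));
//   services.AddAWSService<IAmazonS3>();
```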
25
+50

The json file is $"appsettings.{env.EnvironmentName}.json", so you should call it appsettings.Development.json and have the environment variable set.

Did you define your "local-test-profile" profile in the AWS credentials file?

Should be in C:\Users\{USERNAME}\.aws\credentials

[local-test-profile]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key

If you don't want it in the default location, you can set 'ProfilesLocation' in the json config file.

3 Comments

Thanks. No, I didn't define this profile because I didn't know I had to. This is not clear in the documentation at all. So what is missing from the docs is that there should be this ini-like file with the access key and secret in a specific place for it to look.
What {USERNAME} folder should be used for a web app? What's the easiest way to find this - I've tried Administrator, the user listed in task manager/Details/w3wp.exe - none work. This works on dev machine, can't get to work in production. Also can't get ProfilesLocation working in .net core mvc 2.
You shouldn't be blamed, to get to know how to manage profiles you need to jump around 5 different articles till you get to the right one. AWS does have documentation, it just happens to be very unintuitive for almost every service in my opinion.
18

This helps to avoid getting credentials from the environment, using the appsettings for development purposes:

var awsOption = Configuration.GetAWSOptions();
awsOption.Credentials = new BasicAWSCredentials(Configuration["AWS:AccessKey"], Configuration["AWS:SecretKey"]);
services.AddDefaultAWSOptions(awsOption);

-2

Same documentation also includes a section for setting up the credentials. Check it out here http://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html

It doesn't give an example of setting up the credentials using the appSettings.json file because they don't think it's the right (secure) way to do it.

Here is from the introduction part of the section about setting up the credentials:

Don't put literal access keys in your application, including the project's App.config or Web.config file. If you do, you create a risk of accidentally exposing your credentials if, for example, you upload the project to a public repository.

5 Comments

This documentation doesn't have a single example on how to set this up in appsettings.json.
@Natan that's because it's not the right way to do it.
That doesn't actually answer the question. It's actually part of the problem. I'm new to this SDK, the example provided doesn't work and I have no idea what I'm doing wrong. Any chance you can be more helpful? What should I be doing? Can you give an example on how to make their sample code work? At this point I just need to understand how to run their sample code.
Just to give some feedback, for some reason you're under the impression I want to add the ID and key to AppSettings. I don't. I just need to understand how to set this up using asp.net core, and so far I have no idea what is missing there.
The docs do mention this "BasicAWSCredentials that are created from the AWSAccessKey and AWSSecretKey AppConfig values, if they’re available." However it doesn't appear to work. Also I don't see a problem with putting credentials in User Secret. That's just as secure as .aws\credentials
