36

I'm new to AWS SDK and I'm trying to follow the AWS documentation, but gives little to none on what exactly I need to setup.

The official docs tell me to add this to the appsettings.json:

{
  "AWS": {
    "Profile": "local-test-profile",
    "Region": "us-west-2"
  }
}

And then create the client:

var options = Configuration.GetAWSOptions();
IAmazonS3 client = options.CreateServiceClient<IAmazonS3>();

This causes an exception to be thrown saying it cannot find the credentials. Where do I put the Api ID and Key? What is this profile?

Please, bear in mind I have no preferences on how to set this up. I'm just trying to follow the official documentation for .NET Core, and their only example doesn't work. The docs seem to imply I should have prior knowledge of many of their terms and settings or that I'm migrating an existing app and already have everything setup.

Can someone please point me to what is missing from this example just to make the API correctly connect to AWS?

4

5 回答 5

47

Maybe this is too late for you but if you are using docker or have some other environment/setup where it's not possible/easy to use AWS profiles then you can still use environment vars. Eg:

var awsOptions = Configuration.GetAWSOptions();
awsOptions.Credentials = new EnvironmentVariablesAWSCredentials();
services.AddDefaultAWSOptions(awsOptions);
services.AddAWSService<IAmazonS3>();

Then set AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY & AWS_REGION in your environment.

It seems that Amazon have made this harder to find in the docs than it needs to be.

Running in AWS for reals is ok because you should be using a role but if your using docker for dev then setting up a profile in the container is a PITA.

于 2018-01-18T01:59:12.290 回答
19

The json file is $"appsettings.{env.EnvironmentName}.json", so you should call it appsettings.Development.json and have the environment variable set.

Did you define your"local-test-profile" profile in the AWS credentials file.

Should be in C:\Users\{USERNAME}\.aws\credentials

[local-test-profile]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key

If you don't want it in the default location, you can set the 'ProfilesLocation' json config file.

于 2017-04-05T23:34:37.320 回答
12

This helps to avoid getting credentials from environment using the appsettings for development purpose

var awsOption = Configuration.GetAWSOptions();
    awsOption.Credentials = new BasicAWSCredentials(Configuration["AWS:AccessKey"], Configuration["AWS:SecretKey"]);
    services.AddDefaultAWSOptions(awsOption);
于 2020-06-01T16:24:28.890 回答
0

Same documentation also includes a section for setting up the credentials. Check it out here http://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html

It doesn't give an example of setting up the credentials using the appSettings.json file because they don't think it's the right (secure) way to do it.

Here is from the introduction part of the section about setting up the credentials:

Don't put literal access keys in your application, including the project's App.config or Web.config file. If you do, you create a risk of accidentally exposing your credentials if, for example, you upload the project to a public repository.

于 2017-03-27T18:10:44.363 回答
0

AWS SDK for .NET uses following order to load credentials:

1. AWSOptions.Profile property

AWSOptions awsOptions = new AWSOptions
{
    Credentials = new BasicAWSCredentials("yourAccessKey", "yourAccessSecret")
};
builder.Services.AddDefaultAWSOptions(awsOptions);

2. AWSOptions.Credentials property

AWSOptions awsOptions = new AWSOptions
{
    Profile = "custom",
    ProfilesLocation = @"c:\temp\credentials"
};
builder.Services.AddDefaultAWSOptions(awsOptions);

If the profile location is not specified, it will look at the default location C:\Users\.aws\credentials.

3. Credential Profile Store Chain

If both AWSOptions.Credentials and AWSOptions.Profile are not supplied or AWSOptions object itself is null. In this case, credential profile name will be loaded from the environment variable AWS_PROFILE.

  • Profile Name: If there is no such AWS_PROFILE environment variable, then default will be used as a profile name.
  • Profile Location: C:\Users\.aws\credentials

4. Environment Variables AWS Credentials

If SDK still hasn't got the credentials, then it checks for the following environment variables to load the AWS credentials.

ENVIRONMENT_VARIABLE_ACCESSKEY = "AWS_ACCESS_KEY_ID";     
ENVIRONMENT_VARIABLE_SECRETKEY = "AWS_SECRET_ACCESS_KEY";        
ENVIRONMENT_VARIABLE_SESSION_TOKEN = "AWS_SESSION_TOKEN";

5. EC2 Instance Profile / ECS Task Profile

Finally, this is the most important place where the SDK looks for the credentials. This would be the best place for the applications that are running in the AWS environment. In this case, SDK loads the AWS credentials from the EC2 instance profile or ECS task role.

I have also written a blog on the same topic, you can checkout that from here - Understanding Credential Loading in AWS SDK for .NET

于 2022-02-21T18:35:18.600 回答