How to set credentials on AWS SDK on NET Core?
AWS SDK for .NET uses following order to load credentials:
1. AWSOptions.Credentials
property
AWSOptions awsOptions = new AWSOptions
{
Credentials = new BasicAWSCredentials("yourAccessKey", "yourAccessSecret")
};
builder.Services.AddDefaultAWSOptions(awsOptions);
2. AWSOptions.Profile
property
AWSOptions awsOptions = new AWSOptions
{
Profile = "custom",
ProfilesLocation = @"c:\temp\credentials"
};
builder.Services.AddDefaultAWSOptions(awsOptions);
If the profile location is not specified, it will look at the default location C:\Users\.aws\credentials
.
3. Credential Profile Store Chain
If both AWSOptions.Credentials
and AWSOptions.Profile
are not supplied or AWSOptions
object itself is null. In this case, credential profile name will be loaded from the environment variable AWS_PROFILE
.
- Profile Name: If there is no such
AWS_PROFILE
environment variable, thendefault
will be used as a profile name. - Profile Location:
C:\Users\.aws\credentials
4. Environment Variables AWS Credentials
If SDK still hasn't got the credentials, then it checks for the following environment variables to load the AWS credentials.
ENVIRONMENT_VARIABLE_ACCESSKEY = "AWS_ACCESS_KEY_ID";
ENVIRONMENT_VARIABLE_SECRETKEY = "AWS_SECRET_ACCESS_KEY";
ENVIRONMENT_VARIABLE_SESSION_TOKEN = "AWS_SESSION_TOKEN";
5. EC2 Instance Profile / ECS Task Profile
Finally, this is the most important place where the SDK looks for the credentials. This would be the best place for the applications that are running in the AWS environment. In this case, SDK loads the AWS credentials from the EC2 instance profile or ECS task role.
I have also written a blog on the same topic, you can checkout that from here - Understanding Credential Loading in AWS SDK for .NET
Maybe this is too late for you but if you are using docker or have some other environment/setup where it's not possible/easy to use AWS profiles then you can still use environment vars. Eg:
var awsOptions = Configuration.GetAWSOptions();
awsOptions.Credentials = new EnvironmentVariablesAWSCredentials();
services.AddDefaultAWSOptions(awsOptions);
services.AddAWSService<IAmazonS3>();
Then set AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY & AWS_REGION in your environment.
It seems that Amazon have made this harder to find in the docs than it needs to be.
Running in AWS for reals is ok because you should be using a role but if your using docker for dev then setting up a profile in the container is a PITA.
The json file is $"appsettings.{env.EnvironmentName}.json", so you should call it appsettings.Development.json and have the environment variable set.
Did you define your"local-test-profile" profile in the AWS credentials file.
Should be in C:\Users\{USERNAME}\.aws\credentials
[local-test-profile]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key
If you don't want it in the default location, you can set the 'ProfilesLocation' json config file.
This helps to avoid getting credentials from environment using the appsettings for development purpose
var awsOption = Configuration.GetAWSOptions();
awsOption.Credentials = new BasicAWSCredentials(Configuration["AWS:AccessKey"], Configuration["AWS:SecretKey"]);
services.AddDefaultAWSOptions(awsOption);