To deploy your .NET MVC application with AWS Cognito integration, while ensuring security best practices and avoiding manual AWS CLI interactions, you can consider the following approach:
Use of IAM Roles and AWS Security Token Service (STS): You can utilize IAM roles for your application, especially when deploying on AWS infrastructure such as ECS, EC2 or Elastic Beanstalk. These roles provide the necessary permissions to your application to interact with AWS services. AWS STS can be used to assume roles and manage temporary credentials for accessing AWS services securely.
AWS SDK for .NET Configuration: Configure your application to use the AmazonCognitoIdentityProviderClient class from the AWS SDK for .NET. Ensure that the application, when deployed, assumes an IAM role with the necessary permissions to call AWS Cognito methods like AdminCreateUserAsync.
Secure Storage of Sensitive Data: Avoid embedding credentials in your application. Use AWS Systems Manager Parameter Store or AWS Secrets Manager to securely store and manage credentials and configuration data. Your application can retrieve these at runtime.
Environment Configuration: Ensure the server or cloud environment where your application is deployed has the necessary IAM role attached with the correct policies. Verify network access to AWS services from this environment.
Automated Credential Management: By using IAM roles and STS, your application automatically gets temporary credentials, eliminating the need for manual credential management or AWS CLI interaction.
These are a few practices that you can follow to ensure secure access to AWS services, adhering to best practices for IAM roles and credential management, and eliminating the need for manual CLI-based session management.
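The pattern described in the answer above, as an added example that is not part of the original answer or AWS's own code: the SDK clients are built without any keys so the attached role supplies temporary credentials, and a startup check through STS confirms the process really is running under a role before `AdminCreateUserAsync` is called. The class name `CognitoUserProvisioner`, its method names and the `COGNITO_USER_POOL_ID` variable are assumptions made for this example; the region is expected to come from the environment (for example `AWS_REGION`) or instance metadata.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Amazon.CognitoIdentityProvider;
using Amazon.CognitoIdentityProvider.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

// Hypothetical helper class for this example.
public sealed class CognitoUserProvisioner
{
    // No access keys anywhere: the parameterless constructors use the SDK's
    // default credential chain, which picks up the temporary credentials of
    // the role attached to the ECS task, EC2 instance or Beanstalk environment.
    private readonly IAmazonCognitoIdentityProvider _cognito = new AmazonCognitoIdentityProviderClient();
    private readonly IAmazonSecurityTokenService _sts = new AmazonSecurityTokenServiceClient();
    private readonly string _userPoolId;

    public CognitoUserProvisioner()
    {
        // COGNITO_USER_POOL_ID is an assumed variable name, not an AWS convention.
        _userPoolId = Environment.GetEnvironmentVariable("COGNITO_USER_POOL_ID")
            ?? throw new InvalidOperationException("COGNITO_USER_POOL_ID is not set");
    }

    // Call once at startup: fail fast if the process is running on long-lived
    // IAM user keys (for example a leftover CLI profile) instead of a role.
    public async Task EnsureRunningUnderRoleAsync()
    {
        GetCallerIdentityResponse id = await _sts.GetCallerIdentityAsync(new GetCallerIdentityRequest());
        // Role sessions have ARNs of the form arn:<partition>:sts::<account>:assumed-role/<role>/<session>.
        if (id.Arn.IndexOf(":assumed-role/", StringComparison.Ordinal) < 0)
            throw new InvalidOperationException("Expected role credentials, got " + id.Arn);
    }

    public async Task<string> CreateUserAsync(string email)
    {
        var request = new AdminCreateUserRequest
        {
            UserPoolId = _userPoolId,
            Username = email,
            UserAttributes = new List<AttributeType> { new AttributeType { Name = "email", Value = email } },
            DesiredDeliveryMediums = new List<string> { "EMAIL" }
        };
        // Succeeds only if the role's policy allows cognito-idp:AdminCreateUser on this pool.
        AdminCreateUserResponse response = await _cognito.AdminCreateUserAsync(request);
        return response.User.Username;
    }
}
```

Scoping the role's policy to `cognito-idp:AdminCreateUser` on the one user pool ARN keeps the credentials useless for anything else if the host is compromised.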
Thank you for your detailed response. Much appreciated. I need to dive into IAM Roles and STS so I can "Ensure that the application, when deployed, assumes an IAM role". Let me explore that and I will be back to accept your answer. Thanks again!