Where to save AWS_ACCESS_ID and AWS_SECRET_KEY in elasticbean stalk application

Hi,

I am trying to access boto3 s3 session in my code which requires AWS_SECRET_KEY and AWS_ACCESS_ID. where should I save these values so that my code can access them without compromising security. I am using Flask application deployed through elasticbean stalk.

Topics: Compute Security, Identity, & Compliance AWS Well-Architected Framework
Tags: Security, Identity, & Compliance AWS Elastic Beanstalk Security
Language: English

rePost-User-1153664

asked 3 years ago466 views

1 Answer

Newest
Most votes
Most comments

Accepted Answer

I didn't think it was necessary to set the access key if the application is hosted on Elastic BeanStalk.
I believe S3 can be accessed using IAM roles as shown in the following document.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html

EXPERT

Riku_Kobayashi

answered 3 years ago

EXPERT

Sedat SALMAN

reviewed 3 years ago

EXPERT

Didier Durand

reviewed 3 years ago

Gary Mclean EXPERT
3 years ago
I was going to say the same as Riku. You should be able to use Roles. Of course AWS has secret manager and SSM parameter store where you can save encrypted versions of these. SSM and SM differ slightly though.
Didier Durand EXPERT
3 years ago
Hi, I fully agree with Riku: storing AWS_SECRET_KEY on AWS itself is a bad practice. Execution roles are a much safer solution. Good guidance is https://docs.aws.amazon.com/accounts/latest/reference/credentials-access-keys-best-practices.html

See section "Use temporary security credentials (IAM roles) instead of long-term access keys"
rePost-User-1153664
3 years ago
Thanks everyone for answering, that was really helpful.

Relevant content

Flask application deployed through Elasticbean stalk unable to load file in S3
rePost-User-8055548
asked 3 years ago
How to write config file to apply SES policies for Elasticbean stalk
rePost-User-8055548
asked 3 years ago
I cannot reach my website with certain subdomain (I use elasticbean stalk)
Nico Blex
asked 3 years ago
Enable to resolve no space on device for Elasticbean stalk deployment
Accepted Answer
rePost-User-1153664
asked 3 years ago
How do I troubleshoot output location errors when I save Athena query results in an S3 bucket?
AWS OFFICIALUpdated 2 years ago
How do I troubleshoot 403 Access Denied errors from my Amazon S3 bucket where all the resources are from the same AWS account?
AWS OFFICIALUpdated 3 years ago
How do I upgrade boto3 and botocore in Lambda to access newer AI models?
AWS OFFICIALUpdated a month ago
Why am I getting the error “The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access” when I download or copy an object from my Amazon S3 bucket?
AWS OFFICIALUpdated 3 years ago
re:Invent 2025 - Modernize containers for AI agents using AgentCore Gateway
EXPERT
Henrique Santana
published 6 days ago
S3 Bucket Lockout Recovery Using IAM Root Sessions
EXPERT
Ramakrishna Natarajan
published a year ago

Where to save AWS_ACCESS_ID and AWS_SECRET_KEY in elasticbean stalk application

Add your answer

Relevant content