1 Answer
- Newest
- Most votes
- Most comments
1
I didn't think it was necessary to set the access key if the application is hosted on Elastic BeanStalk.
I believe S3 can be accessed using IAM roles as shown in the following document.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html
Relevant content
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 days ago
I was going to say the same as Riku. You should be able to use Roles. Of course AWS has secret manager and SSM parameter store where you can save encrypted versions of these. SSM and SM differ slightly though.
Hi, I fully agree with Riku: storing AWS_SECRET_KEY on AWS itself is a bad practice. Execution roles are a much safer solution. Good guidance is https://docs.aws.amazon.com/accounts/latest/reference/credentials-access-keys-best-practices.html
See section "Use temporary security credentials (IAM roles) instead of long-term access keys"
Thanks everyone for answering, that was really helpful.