Where to save AWS_ACCESS_ID and AWS_SECRET_KEY in elasticbean stalk application

Hi,

I am trying to access boto3 s3 session in my code which requires AWS_SECRET_KEY and AWS_ACCESS_ID. where should I save these values so that my code can access them without compromising security. I am using Flask application deployed through elasticbean stalk.

Topics

Security, Identity, & Compliance Compute AWS Well-Architected Framework

Tags

Security, Identity, & Compliance AWS Elastic Beanstalk Security

Language

English

rePost-User-1153664

asked 10 months ago244 views

1 Answer

Newest
Most votes
Most comments

Accepted Answer

I didn't think it was necessary to set the access key if the application is hosted on Elastic BeanStalk.
I believe S3 can be accessed using IAM roles as shown in the following document.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html

EXPERT

Riku_Kobayashi

answered 10 months ago

EXPERT

Sedat Salman

reviewed 10 months ago

EXPERT

Didier_Durand

reviewed 10 months ago

Gary Mclean EXPERT
10 months ago
I was going to say the same as Riku. You should be able to use Roles. Of course AWS has secret manager and SSM parameter store where you can save encrypted versions of these. SSM and SM differ slightly though.
Didier_Durand EXPERT
10 months ago
Hi, I fully agree with Riku: storing AWS_SECRET_KEY on AWS itself is a bad practice. Execution roles are a much safer solution. Good guidance is https://docs.aws.amazon.com/accounts/latest/reference/credentials-access-keys-best-practices.html

See section "Use temporary security credentials (IAM roles) instead of long-term access keys"
rePost-User-1153664
10 months ago
Thanks everyone for answering, that was really helpful.

Relevant content

How to write config file to apply SES policies for Elasticbean stalk
rePost-User-8055548
asked a year ago
Flask application deployed through Elasticbean stalk unable to load file in S3
rePost-User-8055548
asked a year ago
PAAPI - AWSSecretKey and AWSAccessKeyId migration from v4 to use paapi v5
NicolaInversoBper
asked 2 years ago
I cannot reach my website with certain subdomain (I use elasticbean stalk)
Nico Blex
asked 8 months ago
How do I require users from other AWS accounts to use MFA to access my Amazon S3 buckets?
AWS OFFICIALUpdated 2 years ago
How do I connect to a Redshift cluster using Spark in my EMR cluster?
AWS OFFICIALUpdated a year ago
Why am I getting a "403 Forbidden" error when I try to upload files in Amazon S3?
AWS OFFICIALUpdated a year ago
How do I upgrade boto3 and botocore in AWS Lambda to access newer AI models?
AWS OFFICIALUpdated 10 days ago
How to connect to a private EC2 instance from a local Visual Studio Code IDE with Session Manager and AWS SSO (CLI)
EXPERT
Faraz_AWS
published 2 years ago
Best Practices for Distributors in delegating and restricting access privileges to downstream partners
EXPERT
Tong Jun Qun
published a year ago