How to get access to s3 for .NET SDK with the same credentials used for awscli?

I am on a federated account that only allows for 60-minute access tokens. This makes using AWS difficult since I have to constantly log in again with MFA, even for the AWS CLI on my machine. I'm fairly certain that any programmatic secret access key and token I generate would be useless after an hour. I am writing a .NET program (.NET Framework 4.8) that will run on an EC2 instance to read and write from an S3 bucket. As per the documentation example, they give this example to initialize the AmazonS3Client:

    // Before running this app:
    // - Credentials must be specified in an AWS profile. If you use a profile other than
    //   the [default] profile, also set the AWS_PROFILE environment variable.
    // - An AWS Region must be specified either in the [default] profile
    //   or by setting the AWS_REGION environment variable.

    var s3client = new AmazonS3Client();

I've looked into SecretManager and ParameterStore, but that would matter if the programmatic access keys go inactive after an hour. Perhaps there is another way to give the program access to S3 and the SDK...

If I cannot use access keys and tokens stored in a file, could I use the IAM access that awscli uses? For example, I can type into PowerShell aws s3 ls s3://mybucket to list and read files from S3 to the EC2 instance. Could the .NET SDK use the same credentials to access the S3 bucket?

1 Answer

Since you are running the application from an EC2 instance, the best practice is to use an IAM Role attached to the instance. The .NET SDK should be smart enough to "know" how to use the IAM role. There is a guide in the documentation here -> https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-hosm.html#net-dg-hosm-sample-s3-app

Remember to always apply the Least Privilege Principle -> https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#grant-least-privilege

AWS
answered a year ago
  • Is there a way to attach an IAM role to my own local machine for local development?
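
The instance-role approach from the answer above, as an added example that is not part of the original thread or the AWS documentation: the client is built with no keys, and an STS call confirms which identity the SDK's default credential chain actually resolved before S3 is touched. The bucket name and region are placeholders, and the AWSSDK.S3 and AWSSDK.SecurityToken NuGet packages are assumed.

```csharp
// Added example (not from the thread). Bucket name and region are placeholders.
using System;
using System.Collections.Generic;
using System.Net;
using System.Threading.Tasks;
using Amazon;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

class InstanceRoleS3Check
{
    const string BucketName = "mybucket";                            // placeholder
    static readonly RegionEndpoint Region = RegionEndpoint.USEast1;  // assumption

    static async Task<int> Main()
    {
        // No access key, secret or token is passed. The default credential
        // chain checks environment variables and shared profiles first and
        // only then the EC2 instance profile, whose temporary credentials
        // the SDK refreshes on its own before they expire.
        using (var sts = new AmazonSecurityTokenServiceClient(Region))
        using (var s3 = new AmazonS3Client(Region))
        {
            var who = await sts.GetCallerIdentityAsync(new GetCallerIdentityRequest());
            Console.WriteLine("Running as: " + who.Arn);

            // An instance role shows up as .../assumed-role/<role>/<instance-id>.
            // An IAM user ARN here means static keys left in a profile or in
            // environment variables are taking precedence over the role.
            if (who.Arn.Contains(":user/"))
                Console.Error.WriteLine("Warning: long-lived IAM user keys are in use, not the instance role.");

            try
            {
                var request = new ListObjectsV2Request { BucketName = BucketName, MaxKeys = 10 };
                var response = await s3.ListObjectsV2Async(request);
                foreach (var obj in response.S3Objects ?? new List<S3Object>())
                    Console.WriteLine(obj.Key + "\t" + obj.Size);
                return 0;
            }
            catch (AmazonS3Exception e) when (e.StatusCode == HttpStatusCode.Forbidden)
            {
                // The role was found but its policy does not allow this call.
                Console.Error.WriteLine("Access denied for " + who.Arn + ": " + e.ErrorCode);
                return 2;
            }
        }
    }
}
```

For the listing to succeed, the role's policy needs s3:ListBucket on the bucket; reads and writes additionally need s3:GetObject and s3:PutObject on its objects, and nothing broader is required.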
