How to develop a .Net application to integrate with S3 in secureway using Ec2 Instance profile?

Hi! There are several ways you could accomplish having users upload files to S3 when your .NET application is running on an EC2 instance. I am assuming you are using an ASP.NET application.

1. One way is using pre-signed S3 URLs. When your user wants to upload a file, your ASP.NET application could return a pre-signed URL using the AWS SDK for .NET. Then, your client-side code running in your user's web browser can directly upload the file to S3. This 3rd-party blog post shows how to do this with React.js.
2. Another way would be to have your users upload the file directly to your ASP.NET application, and then that application could use the AWS SDK for .NET to upload the file to S3 using the EC2 instance's assigned EC2 Instance Profile. An EC2 Instance Profile lets you assign an IAM role directly to the EC2 instance. Then, any application you're running on it that uses the AWS SDK for .NET will automatically use the permissions from that IAM role to access AWS APIs. That includes uploading files to S3. Make sure the IAM role you use has permissions to upload files to the S3 bucket you are using.

There are other ways you could handle this also, such as using a Lambda function and API Gateway, but the two options above are probably the simplest. And you are right - you should never use AWS secret access keys (key ID and secret key) for any client-side code, and it's best practice not to use those keys on an EC2 instance. For applications on EC2, use the EC2 instance profile role instead (which I linked to in option 2 above). When you deploy your application, do not deploy the "credentials" file, just let the AWS SDK take care of getting permissions from the instance profile.