There are various ways to get the credentials from AWS:
I have been using the AWS SDK for .NET, and here is the code to get credentials using an IAM role. To run this code, make sure you are running this application on an EC2 instance.
    using System.IO;
    using System.Threading.Tasks;
    using Amazon;
    using Amazon.Runtime;
    using Amazon.S3;
    using Amazon.S3.Model;
    using Amazon.Util;

    // Downloads an object from S3 using the credentials of the IAM role attached to the instance.
    private async Task<Stream> GetS3BucketFileIAM(string filepath)
    {
        var credentials = FetchCredentials();
        var request = new GetObjectRequest
        {
            BucketName = _bucketName,
            Key = filepath
        };
        var config = new AmazonS3Config
        {
            RegionEndpoint = RegionEndpoint.GetBySystemName(_regionName)
        };
        var s3Client = new AmazonS3Client(credentials.AccessKey, credentials.SecretKey, credentials.Token, config);
        var response = await s3Client.GetObjectAsync(request);
        return response.ResponseStream;
    }

    // Reads the role credentials from the EC2 Instance Metadata Service.
    // The result is a point-in-time copy of temporary credentials; it is not refreshed.
    private ImmutableCredentials FetchCredentials()
    {
        var securityCredentials = EC2InstanceMetadata.IAMSecurityCredentials;
        if (securityCredentials == null)
            throw new AmazonServiceException("Unable to get IAM security credentials from EC2 Instance Metadata Service.");

        // Use the first role listed for the instance.
        string firstRole = null;
        foreach (var role in securityCredentials.Keys)
        {
            firstRole = role;
            break;
        }
        if (string.IsNullOrEmpty(firstRole))
            throw new AmazonServiceException("Unable to get EC2 instance role from EC2 Instance Metadata Service.");

        var metadata = securityCredentials[firstRole];
        if (metadata == null)
            throw new AmazonServiceException("Unable to get credentials for role \"" + firstRole + "\" from EC2 Instance Metadata Service.");

        return new ImmutableCredentials(metadata.AccessKeyId, metadata.SecretAccessKey, metadata.Token);
    }

Another way to get credentials is from a profile, if the AWS CLI is already installed:
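    using Amazon.Runtime;
    using Amazon.Runtime.CredentialManagement;

    // Returns the credentials stored under the "default" profile, or null if that profile does not exist.
    private static AWSCredentials GetDefaultAwsCredentialsFromProfile()
    {
        var credentialProfileStoreChain = new CredentialProfileStoreChain();
        if (credentialProfileStoreChain.TryGetAWSCredentials("default", out var defaultCredentials))
            return defaultCredentials;
        return null;
    }
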
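An added example, not code from the original post: it combines the two approaches above, trying the CLI profile first and falling back to the instance role through the SDK's `InstanceProfileAWSCredentials`, and it hands the S3 client the credentials object instead of a copied key/secret/token so the role's temporary credentials are re-read as they rotate. The class, method, and parameter names are assumptions.

```csharp
using System.IO;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.S3;
using Amazon.S3.Model;

// Added example: class, method, and parameter names are assumptions, not from the post.
public static class S3CredentialExample
{
    // Prefer a local CLI profile (developer machine); otherwise use the EC2 instance role.
    public static AWSCredentials ResolveCredentials(string profileName = "default")
    {
        var chain = new CredentialProfileStoreChain();
        if (chain.TryGetAWSCredentials(profileName, out var profileCredentials))
            return profileCredentials;

        // Reads the role credentials from the instance metadata service and
        // fetches new ones as the current set approaches expiry.
        return new InstanceProfileAWSCredentials();
    }

    public static async Task<Stream> GetS3BucketFileAsync(string bucketName, string regionName, string key)
    {
        var config = new AmazonS3Config
        {
            RegionEndpoint = RegionEndpoint.GetBySystemName(regionName)
        };

        // Pass the AWSCredentials object, not a copied key/secret/token triple,
        // so every request is signed with the credentials that are current at that moment.
        var s3Client = new AmazonS3Client(ResolveCredentials(profileName: "default"), config);
        var request = new GetObjectRequest { BucketName = bucketName, Key = key };
        var response = await s3Client.GetObjectAsync(request);
        return response.ResponseStream;
    }

    // Diagnostics that are safe to log: credential source and type, never the secret or token.
    public static async Task<string> DescribeAsync(AWSCredentials credentials)
    {
        ImmutableCredentials snapshot = await credentials.GetCredentialsAsync();
        string kind = snapshot.UseToken ? "temporary (session token present)" : "long-term access key";
        string keyId = snapshot.AccessKey;
        string suffix = keyId.Length > 4 ? keyId.Substring(keyId.Length - 4) : keyId;
        return $"{credentials.GetType().Name}: {kind}, access key id ends in {suffix}";
    }
}
```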
Helpful threads:
c# - How to set credentials on AWS SDK on NET Core? - Stack Overflow
How to get metadata.
HowTo: Get Amazon EC2 Instance Metadata - Dowd and Associates
Authenticating to AWS with Instance Metadata | by Yevgeniy Brikman | Gruntwork
AWS Access Keys - A Reference - Nick Jones (nojones.net)
Doing AWS STS the right way. - Short Term Security · Archer Imagine
Credential and profile resolution - AWS SDK for .NET (amazon.com)