如何在NET Core上的AWS SDK上设置凭据？

Question

我是AWS SDK的新手,我正在尝试遵循AWS 文档,但几乎没有提供我需要设置的内容.

官方文档告诉我将其添加到appsettings.json:

{
  "AWS": {
    "Profile": "local-test-profile",
    "Region": "us-west-2"
  }
}

然后创建客户端:

var options = Configuration.GetAWSOptions();
IAmazonS3 client = options.CreateServiceClient<IAmazonS3>();

这会导致抛出异常,说它无法找到凭据.我在哪里放置Api ID和密钥？这个档案是什么？

请记住,我对如何设置它没有偏好.我只是想遵循.NET Core的官方文档,他们唯一的例子不起作用.文档似乎暗示我应该事先了解他们的许多术语和设置,或者我正在迁移现有应用程序并且已经完成了所有设置.

有人可以指点我这个例子中缺少什么只是为了让API正确连接到AWS？

Answer 1

AWS SDK for .NET uses following order to load credentials:

1. AWSOptions.Credentials property

AWSOptions awsOptions = new AWSOptions
{
    Credentials = new BasicAWSCredentials("yourAccessKey", "yourAccessSecret")
};
builder.Services.AddDefaultAWSOptions(awsOptions);

2. AWSOptions.Profile property

AWSOptions awsOptions = new AWSOptions
{
    Profile = "custom",
    ProfilesLocation = @"c:\temp\credentials"
};
builder.Services.AddDefaultAWSOptions(awsOptions);

If the profile location is not specified, it will look at the default location C:\Users\.aws\credentials.

3. Credential Profile Store Chain

If both AWSOptions.Credentials and AWSOptions.Profile are not supplied or AWSOptions object itself is null. In this case, credential profile name will be loaded from the environment variable AWS_PROFILE.

• Profile Name: If there is no such AWS_PROFILE environment variable, then default will be used as a profile name.
• Profile Location: C:\Users\.aws\credentials

4. Environment Variables AWS Credentials

If SDK still hasn't got the credentials, then it checks for the following environment variables to load the AWS credentials.

ENVIRONMENT_VARIABLE_ACCESSKEY = "AWS_ACCESS_KEY_ID";     
ENVIRONMENT_VARIABLE_SECRETKEY = "AWS_SECRET_ACCESS_KEY";        
ENVIRONMENT_VARIABLE_SESSION_TOKEN = "AWS_SESSION_TOKEN";

5. EC2 Instance Profile / ECS Task Profile

Finally, this is the most important place where the SDK looks for the credentials. This would be the best place for the applications that are running in the AWS environment. In this case, SDK loads the AWS credentials from the EC2 instance profile or ECS task role.

我还写了一篇关于同一主题的博客，您可以从这里查看 - Understanding Credential Loading in AWS SDK for .NET

Answer 2

也许这对你来说太晚了,但是如果你使用的是docker或者有其他环境/设置,那么它不可能/易于使用AWS配置文件,那么你仍然可以使用环境变量.例如:

var awsOptions = Configuration.GetAWSOptions();
awsOptions.Credentials = new EnvironmentVariablesAWSCredentials();
services.AddDefaultAWSOptions(awsOptions);
services.AddAWSService<IAmazonS3>();

然后在您的环境中设置AWS_ACCESS_KEY_ID和AWS_SECRET_ACCESS_KEY&AWS_REGION.

似乎亚马逊在文档中找到了比在需要时更难找到的东西.

在AWS中运行reals是可以的,因为你应该使用一个角色,但是如果你使用dock for dock然后在容器中设置一个配置文件就是PITA.

Answer 3

json文件是$"appsettings.{env.EnvironmentName} .json",因此你应该将其命名为appsettings.Development.json并设置环境变量.

您是否在AWS凭证文件中定义了"local-test-profile"配置文件？

应该在C:\ Users\{USERNAME} \.aws\credentials中

[local-test-profile]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key

如果您不希望它在默认位置,您可以设置'ProfilesLocation'json配置文件.

Answer 4

这有助于避免使用 appsettings 从环境中获取凭据用于开发目的

var awsOption = Configuration.GetAWSOptions();
    awsOption.Credentials = new BasicAWSCredentials(Configuration["AWS:AccessKey"], Configuration["AWS:SecretKey"]);
    services.AddDefaultAWSOptions(awsOption);