Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connect to Amazon S3 without specifying Credentials #8

Open
jmsvl opened this issue Feb 17, 2021 · 6 comments
Open

Connect to Amazon S3 without specifying Credentials #8

jmsvl opened this issue Feb 17, 2021 · 6 comments
Assignees
@a-patel

Comments

@jmsvl
Copy link

jmsvl commented Feb 17, 2021

It seems that it is not possible to leave the AccessKeyId and SecretAccessKey values blank so the library would use the EnvironmentVariablesAWSCredentials.

The Argument validations for AccessKeyId and SecretAccessKey are really necessary on AmazonS3Service constructor?
@a-patel
Copy link
Owner

a-patel commented Feb 17, 2021

Yes @jmsvl
This is a generic solution that works with any environment like On-Prem, AWS, Azure, or any other Cloud. For those AccessKey and SecretKey are required parameters.

You can create a new IAM user for your application only (with minimal access rights) and use its credentials.

@a-patel a-patel self-assigned this Feb 17, 2021
@jmsvl
Copy link
Author

jmsvl commented Feb 18, 2021

The situation I detected is specifically for Amazon S3 and the classes created for this specific storage type:

The constructor for AmazonS3Service does not allow empty values for AccessKeyId and SecretAccessKey (ArgumentException thrown on the constructor code if any of these variables are empty or null).

But the method to Get the AmazonS3Client calls GetAwsCredentials that tries to get Credentials from CredentialProfileStoreChain and, if there's no value defined for AccessKeyId and SecretAccessKey (impossible because of constructos ArgumentExceptions), tries to get from Env Variables (unreachable method)

@a-patel
Copy link
Owner

a-patel commented Feb 18, 2021

These parameters are not optional at this moment. You must have to provide them in the configuration.

@firedeepan
Copy link

@a-patel this is becoming a big compliance issue. Is there any way I can make a pull request to fix this?

@a-patel
Copy link
Owner

a-patel commented Apr 1, 2022

@firedeepan Let me work on this and release a new version.

@a-patel
Copy link
Owner

a-patel commented Apr 3, 2022
edited
Loading

I have released the 9.0.0 version with this change.

Configuration parameters are conditionally optional. Below is the way to authenticate with AWS:

private AWSCredentials GetAwsCredentials(AmazonS3Config config)
{
    if (!string.IsNullOrWhiteSpace(config.ProfileName))
    {
        var chain = new CredentialProfileStoreChain();

        if (chain.TryGetAWSCredentials(config.ProfileName, out AWSCredentials defaultCredentials))
            return defaultCredentials;
        else
            throw new AmazonClientException("Unable to find a default profile in CredentialProfileStoreChain.");
    }

    if (!string.IsNullOrEmpty(config.AmazonAwsAccessKeyId) && !string.IsNullOrWhiteSpace(config.AmazonAwsSecretAccessKey))
    {
        return new BasicAWSCredentials(config.AmazonAwsAccessKeyId, config.AmazonAwsSecretAccessKey);
    }

    var credentials = FallbackCredentialsFactory.GetCredentials();
    if (credentials == null)
    {
        throw new AmazonClientException("Failed to find AWS Credentials for constructing AWS service client");
    }

    return credentials;
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@a-patel a-patel

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jmsvl @a-patel @firedeepan