· Travis Rodgers · Cloud  · 4 min read

How To Configure C# AWS SDK Credentials In Your Project

The AWS SDK for C# allows you to easily configure credentials in your application. Learn how to include these in your project to authenticate with this practical, hands-on tutorial.

When creating an application that interacts with the AWS SDK, you’ll obviously need to provide credentials to authenticate.

The C# AWS SDK gives you a few classes that essentially do all the work for you. They’ll either check to see if there’s a local profile on your computer OR they can programmatically create or add those credentials to a credential file regardless of the enviroment.

In this post, we’ll look at how to do both of these so you can move ahead in your AWS development work.

Two Ways to Setup C# AWS SDK Credentials

There are essentially two ways to set this up:

  1. You can use your current credentials found in your ~.aws/credentials file.
  2. You can programmatically create a new profile in an ~.aws/credentials file.

The latter is what I prefer as it will allow you to deploy your app anywhere and it create/update those credentials for you.

But, of course, we’ll look at both methods.

1. Use your local, default AWS credentials

In this scenario, you only need to use your local, default, credentials.

These credentials can be set by running aws configure if you use the AWS CLI, or you can set them manually by opening up your .aws/credentials file and adding the following (replacing the keys with your own):

[default]
aws_access_key_id = your_access_key
aws_secret_access_key = your_secret_key

Once you add this default profile, the SDK will look for that and you don’t have to do anything else for local development.

And when you create your AWS service client, just leave the parameters blank like so:

AmazonEC2Client client = new AmazonEC2Client();

But how will you auth when you deploy it on a server or in a container? You’ll need to either create or update that file in that environment.

That’s why I recommend the method below. Let’s look at that:

2. Programmatically create a new profile or update existing (Preferred)

In my other tutorial, How to use the C# AWS documentation, I provided some starter code for C# AWS SDK projects.

Please reference that for context.

But essentially, I create the credentials in the Constructor.

The TLDR is that it looks for any credentials of the profile you specify. If it’s found, it uses that. If not, it creates that profile and moves on.

And you’ll need the AWSSDK.Core package from Nuget for these credential classes.

Here’s my example. I’ll explain it below:

AWSCredentials awsCredentials;

var chain = new CredentialProfileStoreChain();

if (chain.TryGetAWSCredentials("test-profile", out awsCredentials))
{
    logger.LogInformation("Credentials profile found...");
}
else
{
    logger.LogInformation("Could not find credentials profile. Creating...");

    // I am defining the access and secret key in my appsettings.json
    // file and pulling from that here. See my Github repo
    // linked above for context on how that works.
    var options = new CredentialProfileOptions
    {
        AccessKey = awsOptions.AWSAccessKey,
        SecretKey = awsOptions.AWSSecretKey
    };

    profile = new CredentialProfile("test-profile", options);
    profile.Region = RegionEndpoint.USEast1;

    var sharedFile = new SharedCredentialsFile();
    sharedFile.RegisterProfile(profile);
}

There are four classes involved here:

  1. CredentialProfileStoreChain: You can get credentials or profiles with this class using the TryGetAWSCredentials or TryGetProfile methods. In our example, we try and get credentials from a certain profile with the TryGetAWSCredentials method. If they are found, we move on. If not, we will create the profile.
  2. CredentialProfileOptions: Here we can set options for our profile. In our example, we’ll set the AccessKey and SecretKey.
  3. CredentialProfile: Next we instantiate the CredentialProfile class passing in the name of the profile we want to create and the profile options as parameters. Then we set the region.
  4. SharedCredentialsFile: Finally we instantiate this class and call the RegisterProfile method with our profile passed in as a parameter. This method adds the profile given to the credentials file. If the profile already exists, it updates it.

Now when you create your AWS Service Client, you’ll pass in those credentials:

AmazonEC2Client client = new AmazonEC2Client(awsCredentials);

Conclusion

So with just a few classes, you can easily manage C# AWS SDK credentials in your next project. And wherever you deploy this application, those credentials go with you.

If you found this tutorial helpful, click that Twitter button below and share it so others can benefit.

    Share:

    Related Posts

    View All Posts »
    AWS Cross Account S3 Access: How to Trust and Assume Roles

    AWS Cross Account S3 Access: How to Trust and Assume Roles

    In this post, you'll learn how to set up AWS Cross Account S3 Access so that you can retrieve or upload files across accounts with a Lambda function. You'll also learn how to assume roles and create a Trust relationship in order to do so.