a-patel / LiteXStorage

LiteXStorage is a simple yet powerful, high-performance storage mechanism that supports both synchronous and asynchronous usage, with some advanced cloud storage features that make storage easier to handle.
MIT License

Connect to Amazon S3 without specifying Credentials #8

Open jmsvl opened 3 years ago

jmsvl commented 3 years ago

It seems that it is not possible to leave the AccessKeyId and SecretAccessKey values blank so the library would use the EnvironmentVariablesAWSCredentials.

Are the argument validations for AccessKeyId and SecretAccessKey really necessary in the AmazonS3Service constructor?

a-patel commented 3 years ago

Yes @jmsvl. This is a generic solution that works with any environment, like On-Prem, AWS, Azure, or any other cloud. For those, AccessKey and SecretKey are required parameters.

You can create a new IAM user for your application only (with minimal access rights) and use its credentials.

jmsvl commented 3 years ago

The situation I detected is specifically for Amazon S3 and the classes created for this specific storage type:

The constructor for AmazonS3Service does not allow empty values for AccessKeyId and SecretAccessKey (ArgumentException thrown on the constructor code if any of these variables are empty or null).

But the method to get the AmazonS3Client calls GetAwsCredentials, which tries to get credentials from CredentialProfileStoreChain and, if there's no value defined for AccessKeyId and SecretAccessKey (impossible because of the constructor's ArgumentExceptions), tries to get them from environment variables (unreachable code).

a-patel commented 3 years ago

These parameters are not optional at this moment. You must provide them in the configuration.

firedeepan commented 2 years ago

@a-patel this is becoming a big compliance issue. Is there any way I can make a pull request to fix this?

a-patel commented 2 years ago

@firedeepan Let me work on this and release a new version.

a-patel commented 2 years ago

I have released the 9.0.0 version with this change.

Configuration parameters are conditionally optional. Below is the way to authenticate with AWS:

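```csharp
using Amazon.Runtime;                       // AWSCredentials, BasicAWSCredentials, FallbackCredentialsFactory, AmazonClientException
using Amazon.Runtime.CredentialManagement;  // CredentialProfileStoreChain

private AWSCredentials GetAwsCredentials(AmazonS3Config config)
{
    // 1. A named profile, when configured, takes precedence over everything else.
    if (!string.IsNullOrWhiteSpace(config.ProfileName))
    {
        var chain = new CredentialProfileStoreChain();

        if (chain.TryGetAWSCredentials(config.ProfileName, out AWSCredentials defaultCredentials))
            return defaultCredentials;
        else
            throw new AmazonClientException("Unable to find a default profile in CredentialProfileStoreChain.");
    }

    // 2. Static keys from configuration, used only when both values are present.
    if (!string.IsNullOrEmpty(config.AmazonAwsAccessKeyId) && !string.IsNullOrWhiteSpace(config.AmazonAwsSecretAccessKey))
    {
        return new BasicAWSCredentials(config.AmazonAwsAccessKeyId, config.AmazonAwsSecretAccessKey);
    }

    // 3. Otherwise defer to the SDK's default chain (environment variables,
    //    shared profile, container or instance role).
    var credentials = FallbackCredentialsFactory.GetCredentials();
    if (credentials == null)
    {
        throw new AmazonClientException("Failed to find AWS Credentials for constructing AWS service client");
    }

    return credentials;
}
```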
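Added example, not part of the thread or of LiteXStorage: a pre-flight check that mirrors the branch order of the `GetAwsCredentials` snippet above without calling the AWS SDK. It reports which credential source a configuration would select and flags the cases a reviewer would care about, including an incomplete key pair that falls through to the SDK chain. `S3AuthSettings`, `CredentialSource` and `CredentialPreflight` are hypothetical names, and the sample values are constructed placeholders.

```csharp
#nullable enable
using System;

// Hypothetical stand-in for the three AmazonS3Config fields used in the snippet above.
public record S3AuthSettings(string? ProfileName, string? AmazonAwsAccessKeyId, string? AmazonAwsSecretAccessKey);

public enum CredentialSource { NamedProfile, StaticKeys, SdkFallbackChain }

public static class CredentialPreflight
{
    // Same conditions, in the same order, as GetAwsCredentials.
    public static (CredentialSource Source, string? Warning) Resolve(S3AuthSettings s)
    {
        bool hasId = !string.IsNullOrEmpty(s.AmazonAwsAccessKeyId);
        bool hasSecret = !string.IsNullOrWhiteSpace(s.AmazonAwsSecretAccessKey);

        if (!string.IsNullOrWhiteSpace(s.ProfileName))
            return (CredentialSource.NamedProfile,
                hasId || hasSecret ? "static keys are configured but ignored because ProfileName is set" : null);

        if (hasId && hasSecret)
            return (CredentialSource.StaticKeys,
                "long-lived keys stored in configuration; prefer a role or environment credentials");

        // Only one half of the pair is present: the method falls through without an error.
        string? warning = hasId != hasSecret
            ? "incomplete key pair; the SDK fallback chain may select a different identity"
            : null;
        return (CredentialSource.SdkFallbackChain, warning);
    }

    public static void Main()
    {
        // Constructed sample configurations (placeholder values, not real credentials).
        var samples = new[]
        {
            new S3AuthSettings(null, null, null),
            new S3AuthSettings("ci-profile", "AKIAEXAMPLEPLACEHOLDER", "placeholder-secret"),
            new S3AuthSettings(null, "AKIAEXAMPLEPLACEHOLDER", "placeholder-secret"),
            new S3AuthSettings(null, "AKIAEXAMPLEPLACEHOLDER", "  "),
        };
        foreach (var s in samples)
        {
            var (source, warning) = Resolve(s);
            Console.WriteLine($"{source}: {warning ?? "ok"}");
        }
    }
}
```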