aws / aws-sdk-net

The official AWS SDK for .NET. For more information on the AWS SDK for .NET, see our web site:
http://aws.amazon.com/sdkfornet/
Apache License 2.0

Consider adding resolving basic credentials from configuration in AWSSDK.Extensions.NETCore.Setup #3480

Closed paulomorgado closed 13 hours ago

paulomorgado commented 3 days ago

Describe the feature

Amazon.Extensions.NETCore.Setup.ClientFactory<T>.CreateCredentials(ILogger, AWSOptions), when no credentials or profile are provided in the AWSOptions, uses Amazon.Runtime.FallbackCredentialsFactory.GetCredentials() to resolve credentials using:

  1. AppConfigAWSCredentials on .NET Framework
  2. AssumeRoleWithWebIdentityCredentials.FromEnvironmentVariables()
  3. From a credential profile chain
  4. From environment variables: EnvironmentVariablesAWSCredentials
  5. From EC2 environment variables

It's not uncommon that on-prem non-containerized applications use the configuration file to store all configuration.

Microsoft.Extensions.Configuration.ConfigurationExtensions.GetAWSOptions could resolve basic AWS credentials from the configuration.

Use Case

appsettings.json:

```json
{
  "AWS": {
    "Credentials": {
      "AccessKey": "<accessKey>",
      "SecretKey": "<secretKey>"
    }
  }
}
```

```csharp
var awsOptions = configuration.GetAWSOptions();
// awsOptions.Credentials has a BasicAWSCredentials with accessKey and secretKey
```

Proposed Solution

Microsoft.Extensions.Configuration.ConfigurationExtensions.GetAWSOptions could look for a Credentials section with AccessKey and SecretKey values and create a BasicAWSCredentials from it.

Other Information

No response

AWS .NET SDK and/or Package version used

AWSSDK.Extensions.NETCore.Setup version 3.7.301

Targeted .NET Platform

.NET 8

Operating System and version

Windows, Linux, etc.

paulomorgado commented 3 days ago

PR: #3484

normj commented 3 days ago

I really don't want to add support for putting static credentials in appsettings.json file. It sets up users for forgetting and checking in their credentials and then pushing them someplace public. We see it way too much and I don't want to make it any easier for it to happen. I recognize somebody could use user secrets but I just know bad accidents will happen.

We support that in .NET Framework with web.config/app.config but that is for legacy reasons when the SDK didn't even support profiles. It also predates the rise of GitHub and people pushing their AWS credentials to a public repo.
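
A repository check for the risk raised in the comment above, as an added example that is not part of the original thread or of the SDK: it walks an appsettings-style JSON document and reports literal AWS credentials, treating placeholders such as `<accessKey>` as clean. The function name, the placeholder patterns and the sample documents are assumptions made for this example; the literal sample uses the example key pair from AWS documentation.

```python
import json
import re

# Access key IDs are 20 characters: AKIA (long-term) or ASIA (temporary)
# followed by 16 uppercase letters or digits.
ACCESS_KEY_RE = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")
# Empty values and obvious placeholders such as "<accessKey>" or "${AWS_KEY}".
PLACEHOLDER_RE = re.compile(r"^(<.*>|\$\{.*\}|)$")
# .NET configuration keys are case-insensitive, so compare in lower case.
SENSITIVE_KEYS = {"accesskey", "secretkey"}

# Constructed samples: the placeholder file from the issue, and the same shape
# filled with the example key pair used throughout AWS documentation.
SAMPLE_PLACEHOLDER = '{"AWS": {"Credentials": {"AccessKey": "<accessKey>", "SecretKey": "<secretKey>"}}}'
SAMPLE_LITERAL = ('{"AWS": {"Credentials": {"AccessKey": "AKIAIOSFODNN7EXAMPLE", '
                  '"SecretKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}}}')


def find_static_credentials(text, path="appsettings.json"):
    """Return (path, config key, reason) for each literal credential found."""
    try:
        root = json.loads(text)
    except json.JSONDecodeError as exc:
        # Fail closed: a file the check cannot read needs a manual look.
        return [(path, "", f"unparseable JSON: {exc.msg}")]
    findings = []

    def walk(node, trail):
        if isinstance(node, dict):
            for key, value in node.items():
                walk(value, trail + [key])
        elif isinstance(node, list):
            for index, value in enumerate(node):
                walk(value, trail + [str(index)])
        elif isinstance(node, str) and not PLACEHOLDER_RE.match(node.strip()):
            key_path = ":".join(trail)  # same "A:B:C" form .NET uses for keys
            if ACCESS_KEY_RE.match(node.strip()):
                findings.append((path, key_path, "access key id literal"))
            elif trail and trail[-1].lower() in SENSITIVE_KEYS:
                findings.append((path, key_path, "non-placeholder credential value"))

    walk(root, [])
    return findings


if __name__ == "__main__":
    for finding in find_static_credentials(SAMPLE_LITERAL):
        print(finding)
```

The .NET JSON configuration provider accepts comments and trailing commas, which `json.loads` does not, so such files are reported as unparseable rather than silently passed.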

paulomorgado commented 3 days ago

@normj,

> I really don't want to add support for putting static credentials in appsettings.json file. It sets up users for forgetting and checking in their credentials and then pushing them someplace public. We see it way too much and I don't want to make it any easier for it to happen. I recognize somebody could use user secrets but I just know bad accidents will happen.
>
> We support that in .NET Framework with web.config/app.config but that is for legacy reasons when the SDK didn't even support profiles. It also predates the rise of GitHub and people pushing their AWS credentials to a public repo.

Users are going to do it whether you provide the code for that or not.

appsettings.json is just an option for having configuration. In fact, out of the box, appsettings.json is overridden by secrets, then by environment variables and then by command line arguments.

Users don't even need to have those credentials in that file for development time. For that, users should use Safe storage of app secrets in development in ASP.NET Core.

You can even store configuration in AWS using .NET Core configuration provider for AWS Systems Manager.

normj commented 3 days ago

I get what you are saying: users will do stuff like embed credentials in their app. I can't prevent that from happening but there is a difference between users finding and building their own mechanism for embedding credentials and AWS providing that mechanism.

I know it seems I'm being overly cautious but what is likely to happen is somebody is going to embed credentials, get the credentials leaked and then that customer is really mad and I will have to go up to a VP level to explain why I put in a mechanism that allowed for users to expose their secrets.

paulomorgado commented 2 days ago

By not allowing users to put their secrets in Safe storage of app secrets in development in ASP.NET Core, you are not preventing them from leaking their secrets. You are, effectively, preventing them from keeping their secrets safe.

The .NET configuration system has dedicated APIs for connection strings. In no way does it advocate for checking in connection strings. The .NET configuration system is an abstraction over configuration that is more than an appsettings.json file.

If you think credentials are safer as an environment variable or a file accessible by all processes in a server, the things I could tell you...
