Configuring .NET Core Application to use an AWS Named Profile

Many organizations use some form of Single Sign On (SSO) to manage employee identities, but the process of logging in and obtaining AWS tokens can sometimes be cumbersome. Reducing that friction matters, because it lets developers start writing functioning code as quickly as possible. When developing .NET applications that are designed to work with and on the AWS platform, we have to generate credential tokens and store those tokens locally. Paying attention to the AWS SDK for .NET Credential Profile Resolution, the easiest place I've found to store those tokens is the credential file.

We have a mechanism at work which uses the AWS CLI to generate the tokens in an automated way and store them in the credential file. I won’t get into details here as this post is meant to document the proper application setup to consume the tokens.

Follow the steps below to quickly create a .NET Core application that uses the tokens stored in the credential file under an AWS Named Profile.

  1. Create a new .NET Core application
  2. Add the Microsoft.Extensions.Configuration.Json NuGet package
  3. Add the AWSSDK.Extensions.NETCore.Setup NuGet package
  4. Add the AWSSDK.S3 NuGet package
  5. Add an appsettings.json file and set the Profile property to the Profile Name used when authenticating with the AWS CLI.

         {
           "AWS": {
             "Profile": "[Profile Name]",
             "Region": "us-east-1"
           }
         }

  6. Load the appsettings file using the built-in Dependency Injection.

         // ConfigurationBuilder and AddJsonFile come from Microsoft.Extensions.Configuration
         var builder = new ConfigurationBuilder().AddJsonFile("appsettings.json", optional: false, reloadOnChange: true);

  7. Load the settings into the AWS Options object

         // GetAWSOptions() is an extension method provided by the AWSSDK.Extensions.NETCore.Setup package
         var options = builder.Build().GetAWSOptions();

  8. Resolve the AWS Client (in this case S3)

         // _s3Client is an IAmazonS3 field (Amazon.S3 namespace)
         _s3Client = options.CreateServiceClient<IAmazonS3>();

  9. Call the AWS Client

         // ListBucketsRequest and ListBucketsResponse are in Amazon.S3.Model
         ListBucketsRequest request = new ListBucketsRequest();
         ListBucketsResponse response = await _s3Client.ListBucketsAsync(request);

  10. Authenticate with the AWS CLI to generate an AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN

  11. Run the application.
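
The steps above assembled into a single Program.cs, as an added example (not the code from the author's repository). Beyond the steps, it checks that the named profile resolves from the credential file, warns when the resolved credentials carry no session token, and reports an expired token separately; it assumes the appsettings.json from step 5 and a profile written by the AWS CLI login.

```csharp
using System;
using System.Threading.Tasks;
using Amazon.Extensions.NETCore.Setup;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.S3;
using Amazon.S3.Model;
using Microsoft.Extensions.Configuration;

public static class Program
{
    public static async Task<int> Main()
    {
        // Read the "AWS" section of appsettings.json into an AWSOptions object.
        AWSOptions options = new ConfigurationBuilder()
            .AddJsonFile("appsettings.json", optional: false)
            .Build()
            .GetAWSOptions();

        // Fail fast when the named profile cannot be resolved from the credential file.
        var chain = new CredentialProfileStoreChain(); // default shared credential file location
        if (string.IsNullOrEmpty(options.Profile) ||
            !chain.TryGetAWSCredentials(options.Profile, out AWSCredentials credentials))
        {
            Console.Error.WriteLine($"Profile '{options.Profile}' not found; authenticate with the AWS CLI first.");
            return 1;
        }
        // Temporary credentials carry a session token; long-lived IAM user keys do not.
        // Only the presence of the token is checked; no secret value is printed.
        ImmutableCredentials resolved = await credentials.GetCredentialsAsync();
        if (!resolved.UseToken)
            Console.Error.WriteLine("Warning: profile has no session token (long-lived keys?).");

        using (IAmazonS3 s3Client = options.CreateServiceClient<IAmazonS3>())
        {
            try
            {
                ListBucketsResponse response = await s3Client.ListBucketsAsync(new ListBucketsRequest());
                response.Buckets?.ForEach(b => Console.WriteLine(b.BucketName));
                return 0;
            }
            catch (AmazonS3Exception ex) when (ex.ErrorCode == "ExpiredToken")
            {
                Console.Error.WriteLine("Session token expired; re-authenticate with the AWS CLI and run again.");
                return 2;
            }
        }
    }
}
```

The distinct exit codes (1 for a missing profile, 2 for an expired token) let a wrapper script decide whether to trigger the login step again.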

Code can be found in my awsnetcore repository.
