
I'm trying to access some images stored in Amazon S3 by using .NET (C#) code. I've found no command to connect to a role in .NET. Normally there's a client-making method to access an account as follows:

```csharp
public static void Main()
{
    client = new AmazonS3Client(accessKey, secretKey, bucketRegion);
    ReadObjectDataAsync().Wait();
}
```

I wish there was an option to enter some sort of role credential in that new AmazonS3Client() method.

When using the web console, I connect with my AWS account that doesn't have many rights and then I switch to a "role" that has access to the desired bucket, and then I can download items directly from S3 web. I can also retrieve the canonical ID of the object using this command in the CLI:

```bash
aws s3api list-objects --bucket DOC-EXAMPLE-BUCKET --prefix exampleprefix
```

In the credentials that I have received from our system admin I have: role_arn, source_profile, 2 different aws_access_key_id and 2 different aws_secret_access_key. I have tried with both pairs and I still receive Access Denied when reading an object. I wrote a more extended version of my problem with regard to downloading items from S3 in this question: How to download a list of files from AWS S3 with C# / .Net to my device?

Still, I have to say that I'm not really sure that the access problem is because of role stuff. But nowhere in my C# code have I written anything to specify that I wish to connect via that particular role, and not just by connecting to my account. I don't know how to do that.

smac2020
Iraj
  • *"When using web, I connect with my AWS account that doesn't have much rights and then I switch to a "role" that has access to the desired bucket"* - you can do the same thing with the given credentials: perform an `AssumeRole` call with the original credentials and then use the resulting credentials to access any data. – luk2302 Jun 22 '21 at 13:59
  • @luk2302 Thank you for your reply. Honestly I have no idea how your idea can be implemented. Can you write it in an answer post? I read about `AssumeRole` for several hours today and didn't understand anything that can help me in practice. – Iraj Jun 22 '21 at 14:06

1 Answer


From your query it seems like your system admin would have given the role to perform the assume-role operation.

Sample code for that would look like:

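```csharp
using Amazon;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

// Exchanges the user's long-term keys for temporary credentials of the role; null on failure.
static Credentials GetRoleCredentials(string accessKey, string secretKey, RegionEndpoint bucketRegion, string roleARN)
{
    using (var STSClient = new AmazonSecurityTokenServiceClient(accessKey, secretKey, bucketRegion))
    {
        try
        {
            // RoleArn and RoleSessionName are both required; the session name is a free-form label.
            var request = new AssumeRoleRequest { RoleArn = roleARN, RoleSessionName = "s3-download" };
            var response = STSClient.AssumeRoleAsync(request).GetAwaiter().GetResult();

            if (response.HttpStatusCode == System.Net.HttpStatusCode.OK) return response.Credentials;
        }
        catch (AmazonSecurityTokenServiceException)
        {
            return null; // the AssumeRole call was rejected
        }
    }
    return null;
}
```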
jeninjames
  • Thank you for your reply. There are two major problems. 1st is that I can't call securityToken namespace. `using Amazon.SecurityToken;` gives error. The other problem is that I don't understand where to use this and how it will help me to download objects from S3 as explained in https://stackoverflow.com/questions/68002487/how-to-download-a-list-of-files-from-aws-s3-with-c-sharp-net-to-my-device/68015454 – Iraj Jun 23 '21 at 11:00
  • You have to install the NuGet package [https://www.nuget.org/packages/AWSSDK.SecurityToken/](https://www.nuget.org/packages/AWSSDK.SecurityToken/). – jeninjames Jun 29 '21 at 12:22
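The full flow discussed in this thread, as an added example that is not code from the question or the answer: assume the role with the user's long-term keys, then build the S3 client from the temporary credentials (including the session token) and download the objects. The role ARN, region, session name and `downloads` folder are placeholders, and it assumes the `AWSSDK.S3` and `AWSSDK.SecurityToken` NuGet packages are installed and the user's keys are supplied through environment variables rather than hard-coded.

```csharp
using System;
using System.IO;
using System.Threading;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

public static class AssumeRoleS3Example
{
    // Placeholders (assumptions): replace with the values from your admin.
    const string RoleArn = "arn:aws:iam::111122223333:role/EXAMPLE-ROLE";
    const string Bucket = "DOC-EXAMPLE-BUCKET";
    const string Prefix = "exampleprefix";
    static readonly RegionEndpoint Region = RegionEndpoint.USEast1;

    public static async Task Main()
    {
        // Long-term keys of the low-privilege user (the source_profile keys).
        var userKeys = new BasicAWSCredentials(
            Environment.GetEnvironmentVariable("AWS_ACCESS_KEY_ID"),
            Environment.GetEnvironmentVariable("AWS_SECRET_ACCESS_KEY"));

        SessionAWSCredentials roleKeys;
        using (var sts = new AmazonSecurityTokenServiceClient(userKeys, Region))
        {
            var request = new AssumeRoleRequest { RoleArn = RoleArn, RoleSessionName = "s3-read-example" };
            Credentials c = (await sts.AssumeRoleAsync(request)).Credentials;
            // Temporary credentials are only valid together with their session token.
            roleKeys = new SessionAWSCredentials(c.AccessKeyId, c.SecretAccessKey, c.SessionToken);
        }

        // Every call made by this client is authorized as the role, not the user.
        using (var s3 = new AmazonS3Client(roleKeys, Region))
        {
            var listing = await s3.ListObjectsV2Async(new ListObjectsV2Request { BucketName = Bucket, Prefix = Prefix });
            foreach (S3Object obj in listing.S3Objects)
            {
                if (obj.Key.EndsWith("/")) continue; // skip folder placeholder keys
                // Use only the file name so an object key cannot steer the write outside "downloads".
                string target = Path.Combine("downloads", Path.GetFileName(obj.Key));
                using (GetObjectResponse get = await s3.GetObjectAsync(Bucket, obj.Key))
                    await get.WriteResponseStreamToFileAsync(target, false, CancellationToken.None);
            }
        }
    }
}
```

The temporary credentials expire, so a long-running program has to call `AssumeRole` again and rebuild the client once they do. `ListObjectsV2` returns one page of results per call; follow `NextContinuationToken` for larger prefixes.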