I'm currently expanding one of our projects which downloads objects from an S3 bucket to support RoleAWSCredentials.
I've only connected to an S3 bucket by using BasicAWSCredentials before using an accessKey and a secretKey.
Both of these code snippets work and I'm trying to understand the functional differences to make sure that I am implementing this correctly.

    // version 1
    // Namespaces used: Amazon, Amazon.Runtime, Amazon.S3,
    // Amazon.SecurityToken, Amazon.SecurityToken.Model
    try
    {
        // Long-lived access key pair, used here only to call STS.
        var credentials = new BasicAWSCredentials(accessKey, secretKey);

        var assumeRequest = new AssumeRoleRequest
        {
            RoleArn = roleArn,
            DurationSeconds = 3600,
            RoleSessionName = roleSessionsName,
            ExternalId = externalId
        };

        // Call STS AssumeRole explicitly to obtain temporary credentials for the role.
        var assumeRoleResult =
            await new AmazonSecurityTokenServiceClient(credentials, RegionEndpoint.USEast1)
                .AssumeRoleAsync(assumeRequest, cancellationToken);

        // Wrap the returned key, secret and session token as session credentials.
        var tempCredentials = new SessionAWSCredentials(
            assumeRoleResult.Credentials.AccessKeyId,
            assumeRoleResult.Credentials.SecretAccessKey,
            assumeRoleResult.Credentials.SessionToken);

        var s3Client = new AmazonS3Client(tempCredentials, RegionEndpoint.USEast1);
        var s3listedObjects = await s3Client.ListObjectsAsync(BucketName, s3Directory, cancellationToken);
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
        throw;
    }


    // Version 2
    // Namespaces used: Amazon, Amazon.Runtime, Amazon.S3
    try
    {
        // Long-lived access key pair, passed to the SDK as the source credentials.
        var credentials = new BasicAWSCredentials(accessKey, secretKey);

        var options = new AssumeRoleAWSCredentialsOptions()
        {
            ExternalId = externalId,
            DurationSeconds = 3600
        };

        // The SDK credentials class assumes the role on behalf of the client.
        var roleAwsCredentials = new AssumeRoleAWSCredentials(credentials, roleArn, roleSessionsName, options);

        var amazons3 = new AmazonS3Client(roleAwsCredentials, RegionEndpoint.USEast1);
        var listedObjects = await amazons3.ListObjectsAsync(BucketName, s3Directory, cancellationToken);
    }
    catch (Exception e)
    {
        Console.WriteLine(e);
        throw;
    }

The first one includes a session token, which I could see allowing tracking of batches of requests to different sessions, but is there anything else significantly different between these two ways of using RoleAWSCredentials?