I have a .NET Core 3.1 console application that I'm using to access Secrets Manager during development (so, from my local machine).
By default, when the console app runs, the AWSSDK uses credentials from the [default] profile in my /Users/me/.aws/credentials file.
I want to use appsettings.json to make the AWSSDK use the "sandbox" profile from my credentials file, instead of the "default" profile.
My credentials file has the default and sandbox profiles (values shown are not real):
[default]
aws_access_key_id = XCR54W7SGBKKGQGUE95W
aws_secret_access_key = 9kGUHfDjqNFiv8SPjumGqyrDOZ3677qt5&Nn4A/u
[sandbox]
aws_access_key_id = QT29NYY3K2D9DU2YU4M9
aws_secret_access_key = 56yS98IIxX0kxH/W70K61I7QqmsJmjDdSVEx83Gr
In appsettings.json, I have created an AWS section:
"AWS": {
"Profile": "sandbox",
"AWSProfileName": "sandbox"
}
Note: I specified keys Profile and AWSProfileName because I have seen mixed information regarding what it should actually be named, so I'm covering all bases.
Next, Program.cs/Main. From this article Configuration in .NET, I need to create an instance of HostBuilder, which will load the configuration from appsettings.
static async Task Main(string[] args)
{
Console.WriteLine("AwsSdk");
using IHost host = Host.CreateDefaultBuilder(args).Build();
// Application code should start here.
var result = SecretsManager.GetSecret();
Console.WriteLine(result);
await host.RunAsync();
}
In the end, this does not work. I still receive an exception:
(User: arn:aws:iam::XXXXXXXXXXX:user/XXXXXXXX is not authorized to perform:
secretsmanager:GetSecretValue on resource: XXXXXXXX with an explicit deny in
an identity-based policy)
I know my IAM user and policies are correct, because if I change the "sandbox" credentials to the "default" credentials, it works perfectly.
Any suggestions on how to get this working?? Seems like telling the AWSSDK to look at a specific profile should be easy, but apparently it's not.
Thanks.
