How to securely use AWS access key in C# — SQS Polling Worker Service Example

Kagawa
4 min read · Apr 11, 2021

AWS has a ton of useful managed services such as SQS, DynamoDB, Kinesis Streams, etc., which help us developers focus on our code. In order to use AWS services, we need an Access Key and a Secret Key for the account our program uses.

It is simple and easy to use an Access Key and Secret Key, but we do not want to hard-code them in our code. For security reasons, we do not want to commit them to source control either.

In this article, I would like to share how to use a profile so that we can safely use an Access Key and Secret Key in C#.

Create a user account

First of all, we need to create a user account whose access key and secret key will be used in our program. Let’s sign into AWS and go to IAM.

Create a user for the application to use. We need to check “Programmatic access” since this user won’t be used to sign into AWS.

Select the policy you want to use. In this example, I select the “AmazonSQSFullAccess” policy.

Once the user is created, you can view its “Access key ID” and “Secret access key”. We are going to use those in a “profile” file.

Create profile file

We could simply use the Access key and Secret key directly in our program, but since we do not want to hard-code them or put them in source control, we will use a profile file, which contains the “Access key ID” and “Secret access key”. The profile file should NOT be pushed to source control.

Where should we put a profile file?

The default location is C:\Users\{YourUserName}\.aws\credentials. If we put it in the default location, we do not need to specify it in our code.

Code

Now we have a profile which contains the AWS access key and secret key. Let’s use it to poll messages from SQS.

First, we will create a Worker Service in Visual Studio.

Next, we add MessageHandlingService, which uses IAmazonSQS and actually polls messages from SQS. Since this is example code that uses AWS, we simply receive messages from SQS and delete them after we read the body.

Then, Worker.cs simply calls MessageHandlingService.

Program.cs registers dependencies such as IAmazonSQS and IMessageHandlingService. Please make sure to install AWSSDK.Extensions.NETCore.Setup in order to use AddAWSService.

appsettings.json looks like this. We have an AWS section with the region.

That was it! Since we are using the default location and the default profile name, our worker service will pick up the access key and secret key from the profile file, and it’s ready to consume SQS messages.

Can we specify a different location?

If the profile file needs to be placed in a different location, we can simply specify the profile location and name in appsettings.
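The setup described above, condensed into a single file as an added example (not the article's own code): the credentials profile, the appsettings AWS section, the service registration, and a polling loop. The class name SqsWorker, the "Sqs:QueueUrl" setting, the region value and all placeholder values are assumptions, and the article's MessageHandlingService and Worker.cs are merged into one class here.

```csharp
// Added example. Assumed credentials file at the default location (placeholder values):
//   [default]
//   aws_access_key_id = <ACCESS_KEY_ID>
//   aws_secret_access_key = <SECRET_ACCESS_KEY>
// Assumed appsettings.json ("Sqs:QueueUrl" is a hypothetical key; the region is a sample):
//   { "AWS": { "Region": "us-east-1", "Profile": "default" }, "Sqs": { "QueueUrl": "<queue-url>" } }
// For a non-default file, add "ProfilesLocation": "<path>" to the AWS section.
using System.Threading;
using System.Threading.Tasks;
using Amazon.SQS;
using Amazon.SQS.Model;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

Host.CreateDefaultBuilder(args)
    .ConfigureServices((ctx, services) =>
    {
        // Region and profile name come from configuration; no key material appears in code.
        services.AddDefaultAWSOptions(ctx.Configuration.GetAWSOptions());
        services.AddAWSService<IAmazonSQS>();
        services.AddHostedService<SqsWorker>();
    })
    .Build().Run();

public class SqsWorker : BackgroundService
{
    private readonly IAmazonSQS _sqs;
    private readonly ILogger<SqsWorker> _log;
    private readonly string _queueUrl;
    public SqsWorker(IAmazonSQS sqs, IConfiguration config, ILogger<SqsWorker> log) =>
        (_sqs, _log, _queueUrl) = (sqs, log, config["Sqs:QueueUrl"]);
    protected override async Task ExecuteAsync(CancellationToken stoppingToken)
    {
        var request = new ReceiveMessageRequest
            { QueueUrl = _queueUrl, MaxNumberOfMessages = 10, WaitTimeSeconds = 20 }; // long polling
        while (!stoppingToken.IsCancellationRequested)
        {
            var response = await _sqs.ReceiveMessageAsync(request, stoppingToken);
            if (response.Messages == null) continue; // an empty receive may leave this null
            foreach (var message in response.Messages)
            {
                _log.LogInformation("Received message {Id}", message.MessageId); // id only, not the body
                await _sqs.DeleteMessageAsync(_queueUrl, message.ReceiptHandle, stoppingToken);
            }
        }
    }
}
```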

Conclusion

To recap, in order to use the access key and secret key from a profile, all we need to do is the following.

  1. Create user account and assign roles for services we use.
  2. Save access key and secret key in profile file.
  3. Set region in appsettings.
  4. Set up ConfigureServices so that AWS services will be instantiated.
