[SOLVED] AWS DotNet SDK Error: Unable to get IAM security credentials from EC2 Instance Metadata Service

AWS DotNet SDK Error: Unable to get IAM security credentials from EC2 Instance Metadata Service

I use an example from here in order to retreive a secret from AWS SecretsManager in C# code.

I have set credentials locally via AWS CLI, and I am able to retreive secret list using AWS CLI command aws secretsmanager list-secrets.

But C# console app fails with an error:

> Unhandled exception. System.AggregateException: One or more errors occurred. (Unable to get IAM security credentials from EC2 Instance Metadata Service.)
 ---> Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.FetchCredentials()
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentials()
   at Amazon.Runtime.DefaultInstanceProfileAWSCredentials.GetCredentialsAsync()
   at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
   at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext)
   --- End of inner exception stack trace ---
   at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
   at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
   at System.Threading.Tasks.Task`1.get_Result()
   at AWSConsoleApp2.GetSecretValueFirst.GetSecret() in D:\Work\Projects\Training\AWSConsoleApp2\AWSConsoleApp2\GetSecretValueFirst.cs:line 53
   at AWSConsoleApp2.Program.Main(String[] args) in D:\Work\Projects\Training\AWSConsoleApp2\AWSConsoleApp2\Program.cs:line 11

When I change original constructor call

IAmazonSecretsManager client = new AmazonSecretsManagerClient();

to use the constructor overload with added parameter of type AWSCredentials

IAmazonSecretsManager client = new AmazonSecretsManagerClient(new StoredProfileAWSCredentials());

it works fine.

Class StoredProfileAWSCredentials is obsolete but it works to use it. I use libraries that work without errors on the other machines and I cannot change them.

I use credentials for user that belongs to Administrators group and has full access to SecretsManager. Region has set properly in C# code, profile is default.

Any ideas? Thanks for advance

Solution

I had the same issue, and here is how I fixed it in my development environment

I created an AWS profile using the AWS Explorer extension for Visual Studio. This is also called the AWS Toolkit for Visual Studio.
Once the profile is set up the credentials are passed in using the profile.

Please note that the profile accessing the AWS Secrets Manager secret must have the proper authorization to do so. This AWS documentation will help get you in the right direction.