
AWS Credentials for a System Application


We've not used AWS up until now but I am wanting to use Amazon S3 as a datastore and CloudFront to provide public access to files from Amazon S3. Effectively, a mini-CDN.

I've configured S3 and CloudFront to work and I've built a .net8 console application that can

This is working in my dev environment, where my application logs in using an AWS Profile which references my own admin account in AWS. I've tried, however, searching the AWS documentation and YouTube for some clear guidance on how to set up a means for the same application to operate in our production environment. Obviously I don't want it to use my Admin account - but even if I did, that wouldn't be possible as I need to reauth every 8 hours (which is what I'm doing in dev).

Things I don't know

  1. I'm unsure as to whether I should start by creating a dummy user (e.g. "DotNetMyApp1") in IAM Identity Center?
  2. Should I be looking to create an AWS Access Key and AWS Secret Key? If so, do I need to create a dedicated "service user" account first anyway?
  3. How do I handle long-term authentication for a service application?

Things I've tried

  1. I've explored IAM Identity Center

  2. Watched videos on AWS Identity - but these all apply to real users and short session periods (hours) before reauth required.

  3. Trawled through IAM Documentation.

What I really need is some high level guidance on how I should go about setting up some kind of 24-hour access limited to a single S3 bucket and CloudFront distribution. If I understand the broad approach, I can then at least work out the details myself.

Thanks, Chris


Solution

  • If the application runs on an Amazon EC2 instance, you can assign an IAM Role to the instance. Any software that uses an AWS SDK will be able to automatically retrieve credentials with the permissions assigned to the IAM Role.

    If your application is running outside of EC2, then the typical practice is to create an IAM User and store the credentials in a configuration file on the computer. The easiest way to do this is to run aws configure and provide the credentials, which will then be stored in ~/.aws/credentials. You should assign permissions to the IAM User that you want for the application.

    Please note that IAM Identity Center is designed for SSO with a corporate identity store, while IAM can be used to generate the Users, Roles and credentials directly.
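The following is an added example, not code from the question or the answer, showing how the .NET 8 console application described above picks up credentials from either source the answer names (the EC2 instance role or the file written by aws configure) without any access key appearing in source code. The bucket name, region and the profile name are placeholders; it assumes the AWSSDK.S3 NuGet package, and the upload/metadata round trip is the check that the attached permissions actually cover the bucket.

```csharp
using System;
using System.Net;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.S3;
using Amazon.S3.Model;

// Added example, not code from the question or the answer.
// Placeholders: bucket name, region and the dev profile name.
// Requires the AWSSDK.S3 NuGet package (which brings in AWSSDK.Core).
internal static class Program
{
    private const string Bucket = "example-cdn-origin-bucket";             // placeholder
    private static readonly RegionEndpoint Region = RegionEndpoint.EUWest2; // placeholder

    // Resolve credentials without ever putting an access key in source code.
    private static AWSCredentials ResolveCredentials()
    {
        // Dev box: pick a named profile (written by `aws configure --profile <name>`)
        // through the AWS_PROFILE environment variable, e.g. the admin SSO profile.
        var profileName = Environment.GetEnvironmentVariable("AWS_PROFILE");
        if (!string.IsNullOrEmpty(profileName))
        {
            var chain = new CredentialProfileStoreChain();
            if (chain.TryGetAWSCredentials(profileName, out var profileCredentials))
                return profileCredentials;
            throw new InvalidOperationException(
                $"AWS profile '{profileName}' was not found in the shared credentials file.");
        }

        // Production: the SDK's default chain. On EC2 this obtains short-lived,
        // automatically rotated credentials for the instance's IAM Role from the
        // instance metadata service; on any other host it reads the [default]
        // entry in ~/.aws/credentials (created by `aws configure`) or the
        // AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables.
        return FallbackCredentialsFactory.GetCredentials();
    }

    // Upload one file to the bucket CloudFront serves from and confirm it landed.
    private static async Task<bool> UploadAsync(IAmazonS3 s3, string localPath, string key)
    {
        var put = await s3.PutObjectAsync(new PutObjectRequest
        {
            BucketName = Bucket,
            Key = key,
            FilePath = localPath,
        });
        if (put.HttpStatusCode != HttpStatusCode.OK)
            return false;

        // HEAD the object back: proves the credentials also carry s3:GetObject on this key.
        var head = await s3.GetObjectMetadataAsync(Bucket, key);
        return head.HttpStatusCode == HttpStatusCode.OK;
    }

    private static async Task<int> Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: MyApp <local-file> <s3-key>");
            return 2;
        }

        using var s3 = new AmazonS3Client(ResolveCredentials(), Region);
        try
        {
            var ok = await UploadAsync(s3, args[0], args[1]);
            Console.WriteLine(ok ? $"uploaded {args[1]}" : "upload not confirmed");
            return ok ? 0 : 1;
        }
        catch (AmazonS3Exception ex) when (ex.StatusCode == HttpStatusCode.Forbidden)
        {
            // AccessDenied: the Role/User policy does not cover this bucket or action.
            Console.Error.WriteLine($"access denied: {ex.Message}");
            return 1;
        }
    }
}
```

The default chain already honours AWS_PROFILE on its own, so the explicit profile branch exists only to fail loudly when the named profile is missing instead of silently falling through to whatever other credentials the host has. Reading an SSO-backed profile at runtime additionally needs the AWSSDK.SSO and AWSSDK.SSOOIDC packages. Whichever principal the production deployment ends up with (instance Role or IAM User), attach a policy limited to s3:PutObject and s3:GetObject on arn:aws:s3:::<bucket>/* rather than anything wider; the metadata round trip above is a cheap smoke test that the policy is sufficient, and an AccessDenied there is the signal that it is not.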