11

I am working on a .NET Core application for AWS. After reading this post, I added a file named credentials (without extension) in the folder: C:\Users\Daan\. In this text file, the access key and the secret access key are both there.

Unfortunately, the Credentials property is not set after running my code. Other properties, such as Region and Profile, are set correctly based on my appsettings file.

What becomes clear is that my program modifies the credentials file by adding this to the credentials file:

toolkit_artifact_guid=[A GUID]

Can someone explain to me what this means, and how I fix it? By fixing, I mean that my credentials file is not modified but just read to set the Credentials property of my awsOptions variable.

It is important to know that I created this file myself (not with the CLI), I double checked that the credentials are correct, and that this is my code. Moreover, I do have .NET experience, but I just started working with AWS.

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    var awsOptions = Configuration.GetAWSOptions();        
    services.AddDefaultAWSOptions(awsOptions);
    services.AddAWSService<Amazon.S3.IAmazonS3>();
}
Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
Daan
  • 2,478
  • 3
  • 36
  • 76
  • Any answers to this question? I've ran into this myself and have wasted a day trying to figure out what is causing this. – mrtedweb Jun 15 '18 at 21:10
  • 1
    No. The answer remains un answered. However, if you see below on this page https://github.com/aws/aws-sdk-java/issues/969 then it becomes clear that you can also create a credentials object and a client object without calling GetAWSOptions. This will help you using aws services. The practical problem shall be solved but as said question remains unanswered. – Daan Jun 15 '18 at 21:27

3 Answers3

2

I'm sure you long ago figured out why it wasn't working, but just in case:

Typically, the credentials and config files are placed in a folder called .aws that is in the C:\Users\YourUser\ folder. So, the full path to the credentials file would be C:\Users\YourUser\.aws\credentials

( Note: for Linux users, it's in ~/.aws, so ~/.aws/credentials )

You can't create a folder name that starts with a . using Windows Explorer, but you can create it from the command-line. Just open a command prompt, do

 CD C:\Users\YourUser
 mkdir .aws

Then you can drag your credentials and config files in there using Windows Explorer. You can set a default region for each profile in the config file (which is just a text file with no extension, same as credentials), like this:

[default]
region = us-west-2

[staging]
region = us-east-2

The toolkit_artifact_guid is created by the AWS Toolkit for Visual Studio, I believe, and I think it serves to map each profile to the profile that the toolkit uses as "last used". If you look in the C:\Users\YourUser\AppData\Local\AWSToolkit folder, you'll see a MiscSettings.json file, which has a LastAcountSelectedKey node that probably shows one of the guids from your credentials file (assuming you used the AWS Explorer window/pane in Visual Studio for anything).

In the same folder as MiscSettings.json, you may see a file called RegisteredAccounts.json, which is the other place that your AWS credentials (access key and secret key) can be stored. This is where new profiles you create with the AWS Tools for PowerShell are stored (but the keys are encrypted in this file), and I believe if you create a profile in the AWS Explorer in Visual Studio, it stores them here, also. Your .NET apps, when running locally, will check that RegisteredAccounts.json file first (not directly, but via an AWS .NET library), then fall back to the plain-text .aws\credentials file.

Remy Lebeau
  • 555,201
  • 31
  • 458
  • 770
Kirkaiya
  • 1,145
  • 11
  • 14
1

"toolkit_artifact_guid" could get populated in the "credentials" file due to 3rd party extensions and updates.

Most probably could be due to AWS Toolkit for Visual Studio.

Dinesh Halpage
  • 89
  • 1
  • 5
0

According to this link, the documentation says:

The Toolkit for Visual Studio supports multiple sets of credentials from any number of accounts. Each set is referred to as a profile. When you add a profile to the Toolkit for Visual Studio, the credentials can be stored using two mechanisms:

Encrypted and stored in the SDK Credential Store.

This store is also used by the AWS SDK for .NET and the AWS Tools for Windows PowerShell. The SDK Credential Store is specific to your Windows user account on your machine and can't be decrypted or used elsewhere.

The plain-text shared AWS credentials file used by other AWS SDKs and the AWS CLI.

To use the Toolkit for Visual Studio, at least one credential profile must be available from either the SDK Credential Store or the shared AWS credentials file.

The location of the SDK Credential Store is C:\Users\<your-windows-logon>\AppData\Local\AWSToolkit. In that folder you will see a couple of JSON files: MiscSettings.json and RegisteredAccounts.json. In the MiscSettings.json file, there's a parameter called "LastAcountSelectedKey" which has a guid. Example:

{
    "MiscSettings" : {
        "AnalyticsCognitoIdentityId" : "<string redacted>",
        "AnalyticsMostRecentlyUsedCognitoIdentityPoolId" : "<string redacted>",
        "AnalyticsAnonymousCustomerId"                   : "<string redacted>",
        "lastselectedregion"                             : "us-east-1",
        "AnalyticsPermitted"                             : "true",
        "HostedFilesLocation"                            : "file://C:\\Users\\<your-windows-logon>\\.aws",
        "LastAcountSelectedKey"                          : "<GUID-we-see>"
    }
}

This GUID-we-see is what appears in the credentials file:

[default]
aws_access_key_id = ""
aws_secret_access_key = ""
region = us-east-1
toolkit_artifact_guid = GUID-we-see
Njintarch
  • 1
  • 1