Important warnings and guidance for credentials - AWS SDK for .NET

Do you want to deploy your .NET applications to AWS in just a few simple clicks? Try our new .NET CLI tooling for a simplified deployment experience! Read our blog post and submit your feedback on GitHub!

For additional information, see the section for the deployment tool in this guide.

Important warnings and guidance for credentials

Warnings for credentials

  • Do NOT use your account's root credentials to access AWS resources. These credentials provide unrestricted account access and are difficult to revoke.

  • Do NOT put literal access keys in your application files. If you do, you create a risk of accidentally exposing your credentials if, for example, you upload the project to a public repository.

  • Do NOT include files that contain credentials in your project area.

  • Credentials in one of the credential-storage mechanisms, the shared AWS credentials file, are stored in plaintext.

Additional guidance for securely managing credentials

For a general discussion of how to securely manage AWS credentials, see Best practices for managing AWS access keys in the AWS General Reference. In addition to that discussion, consider the following:

  • Create IAM users and use their credentials instead of using your AWS root user. IAM user credentials can be revoked if necessary. In addition, you can apply a policy to each IAM user for access to certain resources and actions.

  • Use IAM roles for applications that are running on Amazon EC2 instances.

  • Use temporary credentials or environment variables for applications that are available to users outside your organization.