Additional information about users and roles - AWS SDK for .NET (V3)
Users and permission setsService roles

Version 4 (V4) of the AWS SDK for .NET has been released!

To start using the new version of the SDK, see the AWS SDK for .NET (V4) Developer Guide, especially the topic for Migrating to version 4.

Additional information about users and roles

For doing .NET development on AWS or for running .NET applications on AWS, you need to have some combination of users, permission sets, and service roles that are appropriate for these tasks.

The specific users, permission sets, and service roles that you create, and the way in which you use them, will depend on the requirements of your applications. The following is some additional information about why they might be used and how to create them.

Users and permission sets

Although it's possible to use an IAM user account with long-term credentials to access AWS services, this is no longer a best practice and should be avoided. Even during development, it is a best practice to create users and permission sets in AWS IAM Identity Center and use temporary credentials provided by an identity source.

For development, you can use the user that you created or were given in Configure SDK authentication. If you have appropriate AWS Management Console permissions, you can also create different permission sets with least privilege for that user or create new users specifically for development projects, providing permission sets with least privilege. The course of action you choose, if any, depends on your circumstances.

For more information about these users and permissions sets and how to create them, see Authentication and access in the AWS SDKs and Tools Reference Guide and Getting started in the AWS IAM Identity Center User Guide.

Service roles

You can set up an AWS service role to access AWS services on behalf of users. This type of access is appropriate if multiple people will be running your application remotely; for example, on an Amazon EC2 instance that you have created for this purpose.

The process for creating a service role varies depending on the situation, but is essentially the following.

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. Choose Roles, and then choose Create role.

  3. Choose AWS service, find and select EC2 (for example), and then choose the EC2 use case (for example).

  4. Choose Next: Permissions, and select the appropriate policies for the AWS services that your application will use.

    Warning

    Do NOT choose the AdministratorAccess policy because that policy enables read and write permissions to almost everything in your account.

  5. Choose Next: Tags and enter any tags you want.

    You can find information about tags in Control access using AWS resource tags in the IAM User Guide.

  6. Choose Next: Review and provide a Role name and Role description. Then choose Create role.

You can find high-level information about IAM roles in Identities (users, groups, and roles) in the IAM User Guide. Find detailed information about roles in that guide's IAM roles topic.

Additional information about roles

  • Use IAM roles for tasks for Amazon Elastic Container Service (Amazon ECS) tasks.

  • Use IAM roles for applications that are running on Amazon EC2 instances.