I'm running into an issue in that the SDK is using the credentials that I have for the [default] profile instead of using the credentials I'm explicitly telling it to use.

To run my application against the AWS environment I need it to use, I get short-term tokens from STS that are placed in my shared credentials file before I start the application. In my appsettings.json I'm defining which AWS profile I want the application to use; however, that doesn't seem to work correctly with credentials that are provided from STS. To get around that limitation, I load the profile credentials from the shared credentials file using the profile name I specified in the appsettings.json file and the method Amazon.Runtime.CredentialManagement.SharedCredentialsFile().TryGetProfile to retrieve all of the credential items for the profile. If the profile credentials are found and loaded correctly, I'm getting the current AWSOptions from the configuration and setting the Credentials property to a new SessionAWSCredentials object that I'm creating with the AccessKey, SecretKey and Token from the loaded profile object, and then setting the modified AWSOptions object back to the services with the AddDefaultAWSOptions method.

While I've seen other examples of overriding the initial AWSOptions using the EnvironmentVariablesAWSCredentials, I haven't come across an example using SessionAWSCredentials. I really don't expect the setup to be any different, since the Credentials object I'm using is just an extension of the base AWS Credentials object.

Based on the Credential and Profile Resolution document I should be configuring the services correctly.

Am I missing something that would tell the added AWS services to use the credentials I've explicitly plugged in vs. the default ones in the shared credentials file?

public virtual void ConfigureServices(IServiceCollection services)
{
    Amazon.Runtime.CredentialManagement.CredentialProfile developerProfile;
    if (new Amazon.Runtime.CredentialManagement.SharedCredentialsFile().TryGetProfile(Configuration["AWSProfileName"], out developerProfile))
    {
        var awsOptions = Configuration.GetAWSOptions();
        awsOptions.Region = Amazon.RegionEndpoint.USEast1;
        awsOptions.Credentials = new Amazon.Runtime.SessionAWSCredentials(developerProfile.Options.AccessKey, developerProfile.Options.SecretKey, developerProfile.Options.Token);
        services.AddDefaultAWSOptions(awsOptions);
        services.AddAWSService<Amazon.S3.IAmazonS3>();
        services.AddAWSService<Amazon.SimpleSystemsManagement.IAmazonSimpleSystemsManagement>();
    }
}

Aaron
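
A diagnostic for the setup described in the question, added here as an example and not part of the original post: it asks STS which identity is in effect, once with the profile's session credentials passed directly and once through a client created by the same `AddDefaultAWSOptions`/`AddAWSService` path. The `CredentialCheck` class and its method names are hypothetical, and the AWSSDK.SecurityToken and AWSSDK.Extensions.NETCore.Setup packages are assumed to be referenced.

```csharp
using System;
using System.Threading.Tasks;
using Amazon;
using Amazon.Extensions.NETCore.Setup;
using Amazon.Runtime;
using Amazon.Runtime.CredentialManagement;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper (not from the post): reports which identity the SDK resolves.
public static class CredentialCheck
{
    // Loads the named profile's STS session credentials and fails loudly,
    // rather than letting the SDK silently fall back to another profile.
    public static SessionAWSCredentials LoadSessionCredentials(string profileName)
    {
        var file = new SharedCredentialsFile();
        if (!file.TryGetProfile(profileName, out CredentialProfile profile))
            throw new InvalidOperationException($"Profile '{profileName}' not found in {file.FilePath}");
        var o = profile.Options;
        if (string.IsNullOrEmpty(o.AccessKey) || string.IsNullOrEmpty(o.SecretKey) || string.IsNullOrEmpty(o.Token))
            throw new InvalidOperationException($"Profile '{profileName}' lacks an access key, secret key or session token");
        return new SessionAWSCredentials(o.AccessKey, o.SecretKey, o.Token);
    }

    // Returns the caller ARN seen with the explicit credentials and the ARN
    // seen by a client created through the dependency-injection registration.
    public static async Task<(string Explicit, string Injected)> CompareAsync(string profileName)
    {
        var creds = LoadSessionCredentials(profileName);
        var options = new AWSOptions { Region = RegionEndpoint.USEast1, Credentials = creds };

        var services = new ServiceCollection();
        services.AddDefaultAWSOptions(options);
        services.AddAWSService<IAmazonSecurityTokenService>();
        using var provider = services.BuildServiceProvider();

        using var direct = new AmazonSecurityTokenServiceClient(creds, RegionEndpoint.USEast1);
        var a = await direct.GetCallerIdentityAsync(new GetCallerIdentityRequest());
        var b = await provider.GetRequiredService<IAmazonSecurityTokenService>()
                              .GetCallerIdentityAsync(new GetCallerIdentityRequest());
        return (a.Arn, b.Arn); // only ARNs leave this method; never log the keys or token
    }
}
```

If the two ARNs differ, the injected client is not using the credentials set on `AWSOptions.Credentials`; if both show the `[default]` identity, the profile entry itself holds the wrong keys.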

0 Answers