User guide

IAM credentials are easier to revoke if they are compromised and you can apply a policy to each user
that restricts them to a specified set of resources and actions.
The preferred approach for managing credentials is to put a profile for each set of IAM user credentials
that you want to use in the SDK Store (preferred) or a credentials file.
You can then reference a particular profile programmatically or in your application's App.config or
Web.config file instead of having literal credentials in your project files.To limit the risk of unintentionally
exposing credentials, the SDK Store and credentials file are stored separately from any project. To
further reduce risk, the credentials in the SDK Store are encrypted.
Use IAM roles for applications that are running on Amazon EC2 instances.
Use temporary credentials for applications that are available to users outside your organization.
The following topics describe how to manage credentials for an SDK for .NET application. For a general
discussion of how to securely manage AWS credentials, see Best Practices for Managing AWS Access
Keys.
Topics
Using the SDK Store (p. 10)
Using a Credentials File (p. 11)
Using Credentials in an Application (p. 11)
Using the SDK Store
The preferred way to manage credentials for SDK for .NET applications is to add a profile to the SDK
Store for each set of credentials that you want to use in your applications.
The SDK Store can contain multiple profiles from any number of accounts.
You reference the profile by name in your application and the associated credentials are incorporated
at build time.
Your source files never contain literal credentials.
If you include a profile named default, the SDK for .NET will use that profile by default.
The credentials in the SDK store are encrypted, and the SDK Store is in the user's home directory,
which limits the risk of accidentally exposing your credentials.
The SDK Store also provides credentials to the AWS Tools for Windows PowerShell.
There are several ways to manage the profiles in the SDK Store.
The Toolkit for Visual Studio includes a graphical user interface for managing profiles.
For more information, see Setting Up the AWS Toolkit for Visual Studio.
You can manage your profiles from the command line by using the AWS Tools for Windows PowerShell.
For more information, see Using AWS Credentials.
You can manage your profiles programmatically by using the Amazon.Util.ProfileManager class.
The following example adds a new profile to the SDK Store.
Amazon.Util.ProfileManager.RegisterProfile(profileName,
accessKey, secretKey)
Version v2.0.0
10
AWS SDK for .NET Developer Guide
Configuring AWS Credentials