Can I use .aws/config file to provide AWS S3 credentials?

14 views (last 30 days)
the cyclist
the cyclist on 12 Jan 2022
Commented: Kojiro Saito on 14 Jan 2022
I have been able to successfully access files on an AWS bucket via the syntax
readtable('s3://bucketname/filename.csv')
when I store my AWS credentials in the file .aws/credentials.
However, when I try to use .aws/config instead, I get the error message
===========================================================================================
Location 's3://bucketname/filename.csv' requires credentials. You must setup
an AWS credentials file, or set the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
===========================================================================================
The .aws/config file method works for both command line and Python access, so I am confident I have the file itself correct.

Accepted Answer

Kojiro Saito
Kojiro Saito on 13 Jan 2022
readtable checks AWS Credentials either
  • environment variable "AWS_SHARED_CREDENTIALS_FILE"
  • ".aws/credentials" file
  • environment variable AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
in matlab.io.internal.vfs.validators.validateCloudEnvVariables function.
.aws/credentials is hard coded in \toolbox\shared\virtualfileio\+matlab\+io\+internal\+vfs\+validators\hasS3CredentialsFile.m, so if you want to change the path, currently you need to edit the code
from
credentialsFilePath = fullfile(basePath, '.aws', 'credentials');
to
credentialsFilePath = fullfile(basePath, '.aws', 'config');
But, as AWS document says, "The AWS CLI stores sensitive credential information that you specify with aws configure in a local file named credentials, in a folder named .aws in your home directory. The less sensitive configuration options that you specify with aws configure are stored in a local file named config".
The credentials are sensitive and I would store them in credentials file as by default.
  4 Comments
Kojiro Saito
Kojiro Saito on 14 Jan 2022
The necessary policy for reading from and writing to S3 depends on softwares. Some policies might not needed in other tools but as my investigation, MATLAB needs GetObject, ListBucket and GetBucketLocation policies.
How about putting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY written in .aws\config to MATLAB with setenv then, doing readtable?
setenv('AWS_ACCESS_KEY_ID', 'xxx')
setenv('AWS_SECRET_ACCESS_KEY', 'xxx')
%setenv('AWS_REGION', 'xxx') % Optional Ex) us-east-1
readtable('s3://bucketname/filename.csv')
If this does not work, there are some more policy needed in IAM policy for MATLAB to read from S3.

Sign in to comment.

More Answers (0)

Products


Release

R2021b

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by