Can I use .aws/config file to provide AWS S3 credentials?

12 visualizzazioni (ultimi 30 giorni)
I have been able to successfully access files on an AWS bucket via the syntax
readtable('s3://bucketname/filename.csv')
when I store my AWS credentials in the file .aws/credentials.
However, when I try to use .aws/config instead, I get the error message
===========================================================================================
Location 's3://bucketname/filename.csv' requires credentials. You must setup
an AWS credentials file, or set the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
===========================================================================================
The .aws/config file method works for both command line and Python access, so I am confident I have the file itself correct.

Risposta accettata

Kojiro Saito
Kojiro Saito il 13 Gen 2022
readtable checks AWS Credentials either
  • environment variable "AWS_SHARED_CREDENTIALS_FILE"
  • ".aws/credentials" file
  • environment variable AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
in matlab.io.internal.vfs.validators.validateCloudEnvVariables function.
.aws/credentials is hard coded in \toolbox\shared\virtualfileio\+matlab\+io\+internal\+vfs\+validators\hasS3CredentialsFile.m, so if you want to change the path, currently you need to edit the code
from
credentialsFilePath = fullfile(basePath, '.aws', 'credentials');
to
credentialsFilePath = fullfile(basePath, '.aws', 'config');
But, as AWS document says, "The AWS CLI stores sensitive credential information that you specify with aws configure in a local file named credentials, in a folder named .aws in your home directory. The less sensitive configuration options that you specify with aws configure are stored in a local file named config".
The credentials are sensitive and I would store them in credentials file as by default.
  4 Commenti
the cyclist
the cyclist il 14 Gen 2022
I can't see the policy list. (I don't sufficient privileges in my org.)
However, the fact that I can use Python or the command line (via config file) suggests to me that this is not the issue. Right?
This is not particularly high-priority to me at this point, as I can in fact just use a credentials file. (It just means an additional manual step that I was hoping to avoid.) But, if you have other ideas I may try them later, for the sake of someone finding this solution.
Kojiro Saito
Kojiro Saito il 14 Gen 2022
The necessary policy for reading from and writing to S3 depends on softwares. Some policies might not needed in other tools but as my investigation, MATLAB needs GetObject, ListBucket and GetBucketLocation policies.
How about putting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY written in .aws\config to MATLAB with setenv then, doing readtable?
setenv('AWS_ACCESS_KEY_ID', 'xxx')
setenv('AWS_SECRET_ACCESS_KEY', 'xxx')
%setenv('AWS_REGION', 'xxx') % Optional Ex) us-east-1
readtable('s3://bucketname/filename.csv')
If this does not work, there are some more policy needed in IAM policy for MATLAB to read from S3.

Accedi per commentare.

Più risposte (0)

Categorie

Scopri di più su Install Products in Help Center e File Exchange

Prodotti


Release

R2021b

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by