Can I use .aws/config file to provide AWS S3 credentials?

조회 수: 9 (최근 30일)
the cyclist
the cyclist 2022년 1월 12일
댓글: Kojiro Saito 2022년 1월 14일
I have been able to successfully access files on an AWS bucket via the syntax
readtable('s3://bucketname/filename.csv')
when I store my AWS credentials in the file .aws/credentials.
However, when I try to use .aws/config instead, I get the error message
===========================================================================================
Location 's3://bucketname/filename.csv' requires credentials. You must setup
an AWS credentials file, or set the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
===========================================================================================
The .aws/config file method works for both command line and Python access, so I am confident I have the file itself correct.

이 질문에 답변하려면 로그인하십시오.

채택된 답변

Kojiro Saito
Kojiro Saito 2022년 1월 13일
readtable checks AWS Credentials either
  • environment variable "AWS_SHARED_CREDENTIALS_FILE"
  • ".aws/credentials" file
  • environment variable AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
in matlab.io.internal.vfs.validators.validateCloudEnvVariables function.
.aws/credentials is hard coded in \toolbox\shared\virtualfileio\+matlab\+io\+internal\+vfs\+validators\hasS3CredentialsFile.m, so if you want to change the path, currently you need to edit the code
from
credentialsFilePath = fullfile(basePath, '.aws', 'credentials');
to
credentialsFilePath = fullfile(basePath, '.aws', 'config');
But, as AWS document says, "The AWS CLI stores sensitive credential information that you specify with aws configure in a local file named credentials, in a folder named .aws in your home directory. The less sensitive configuration options that you specify with aws configure are stored in a local file named config".
The credentials are sensitive and I would store them in credentials file as by default.
  댓글 수: 4
이전 댓글 2개 표시
the cyclist
the cyclist 2022년 1월 14일
I can't see the policy list. (I don't sufficient privileges in my org.)
However, the fact that I can use Python or the command line (via config file) suggests to me that this is not the issue. Right?
This is not particularly high-priority to me at this point, as I can in fact just use a credentials file. (It just means an additional manual step that I was hoping to avoid.) But, if you have other ideas I may try them later, for the sake of someone finding this solution.
Kojiro Saito
Kojiro Saito 2022년 1월 14일
The necessary policy for reading from and writing to S3 depends on softwares. Some policies might not needed in other tools but as my investigation, MATLAB needs GetObject, ListBucket and GetBucketLocation policies.
How about putting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY written in .aws\config to MATLAB with setenv then, doing readtable?
setenv('AWS_ACCESS_KEY_ID', 'xxx')
setenv('AWS_SECRET_ACCESS_KEY', 'xxx')
%setenv('AWS_REGION', 'xxx') % Optional Ex) us-east-1
readtable('s3://bucketname/filename.csv')
If this does not work, there are some more policy needed in IAM policy for MATLAB to read from S3.

댓글을 달려면 로그인하십시오.

추가 답변 (0개)

카테고리

Help CenterFile Exchange에서 Install Products에 대해 자세히 알아보기

태그

제품


릴리스

R2021b

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by