Important warnings and guidance for credentials - Amazon SDK for .NET
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Important warnings and guidance for credentials

Warnings for credentials

  • Do NOT use your account's root credentials to access Amazon resources. These credentials provide unrestricted account access and are difficult to revoke.

  • Do NOT put literal access keys in your application files. If you do, you create a risk of accidentally exposing your credentials if, for example, you upload the project to a public repository.

  • Do NOT include files that contain credentials in your project area.

  • Credentials in one of the credential-storage mechanisms, the shared Amazon credentials file, are stored in plaintext.

Additional guidance for securely managing credentials

For a general discussion of how to securely manage Amazon credentials, see Best practices for managing Amazon access keys in the Amazon General Reference. In addition to that discussion, consider the following:

  • Create IAM users and use their credentials instead of using your Amazon root user. IAM user credentials can be revoked if necessary. In addition, you can apply a policy to each IAM user for access to certain resources and actions.

  • Use IAM roles for applications that are running on Amazon EC2 instances.

  • Use temporary credentials or environment variables for applications that are available to users outside your organization.