
What is best practice for storage of AWS credentials within a django application?


I'm new to using AWS services and Django together, and I'm having trouble finding information around best practices for storing your AWS creds for Django to access.

I have a basic Django application that's connected to an S3 bucket, so I need to be able to use boto to invoke the connection to the bucket. But I'm not sure how to go about storing the AWS credentials I would need to pipe into my boto functions to use any of the services.

I have read in a few places of people putting their AWS credentials into the settings.py file within their Django project, but this doesn't really feel secure to me. I also looked into AWS Secrets Manager, but it looks to me as though it's more suited to keys related to other services.

Could anyone perhaps explain what my other options are, or why storing them in settings.py is perhaps a safe option?

Really not certain on the best way to go about this one.


Solution

  • With secrets, there are always 2 problems:

    1. Which secret store to use, and
    2. How to secure the credentials to access the store

    AWS has Parameter Store, which is suitable for storing secrets. Secrets Manager is also suitable. The key difference is that Secrets Manager is not free and offers key rotation capabilities. So there goes problem number 1.

    For problem number 2, like any other AWS service, Parameter Store is secured behind IAM. If your Django application runs outside AWS, I think there is no other choice but to let it store the credentials. If it is running inside AWS, however, there is usually a way to associate an IAM role with it. Then, as long as the IAM role has the necessary permissions, it should be able to access your secret store.
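The pattern the answer describes, as an added example that is not code from the question or the answer: boto3 is handed no credentials at all (so inside AWS it picks up the instance or task IAM role from its default credential chain), the application's own secrets are read from Parameter Store, and a small check refuses static keys in the settings mapping. The parameter names, environment variable name and `FakeSsmClient` are constructed for illustration; a real deployment would use `boto3.client("ssm")`.

```python
"""Settings helper that keeps static AWS keys out of Django's settings.py.
Assumes the process runs under an IAM role (or, for local development, an
environment variable) and that boto3 is installed where it is used."""
import os

# Settings that would hard-code long-lived AWS keys; they should never be set.
STATIC_AWS_KEY_SETTINGS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


def check_no_static_aws_keys(settings):
    """Return the names of hard-coded AWS key settings present in `settings`."""
    return [name for name in STATIC_AWS_KEY_SETTINGS if settings.get(name)]


def get_parameter(ssm_client, name):
    """Fetch one SecureString parameter from Parameter Store as plaintext.
    The caller's IAM identity needs ssm:GetParameter on the parameter and
    kms:Decrypt on the key that protects it; no access key is ever stored."""
    resp = ssm_client.get_parameter(Name=name, WithDecryption=True)
    return resp["Parameter"]["Value"]


def resolve_secret(env_var, parameter_name, ssm_client=None, environ=None):
    """Local development reads an environment variable; otherwise the value
    comes from Parameter Store via boto3's default credential chain."""
    environ = os.environ if environ is None else environ
    value = environ.get(env_var)
    if value:
        return value
    if ssm_client is None:
        import boto3  # assumed available in the Django environment
        ssm_client = boto3.client("ssm")
    return get_parameter(ssm_client, parameter_name)


class FakeSsmClient:
    """Constructed offline stand-in for boto3's SSM client (demo only)."""

    def __init__(self, parameters):
        self._parameters = parameters

    def get_parameter(self, Name, WithDecryption=False):
        if Name not in self._parameters:
            raise KeyError(Name)  # boto3 raises ParameterNotFound here
        return {"Parameter": {"Name": Name, "Value": self._parameters[Name]}}


if __name__ == "__main__":
    fake = FakeSsmClient({"/myapp/prod/db_password": "constructed-db-pw"})
    # In settings.py: DATABASES["default"]["PASSWORD"] = resolve_secret(...)
    print(resolve_secret("DJANGO_DB_PASSWORD", "/myapp/prod/db_password", fake, {}))
    print(check_no_static_aws_keys({"AWS_STORAGE_BUCKET_NAME": "my-bucket"}))
```

Calling `check_no_static_aws_keys(vars(settings))` at startup and refusing to boot when it returns anything is a cheap guard against keys creeping back into settings.py.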