aws credentials: /home/rstudio-user vs. /cloud/project

#1

What I'm about to ask might be addressed in this thread, but I don't think it is -- at least not directly.

In an RStudio Cloud project, I'm using package aws.signature to access some AWS resources. aws.signature seems to assume that the default location for AWS access credentials (if not stored in an environment variable) is /home/rstudio-user/.aws.

I feel clear that if my RStudio Cloud project is private, then no one other than me can read the files in /cloud/project, so I would feel comfortable storing my credentials in /cloud/project/.aws. But what about /home/rstudio-user/?

Now that I write this out, it occurs to me that the answer is almost certainly "only I can access /home/rstudio-user/, regardless of the public/private settings of any particular project in my workspace." But, before I put access credentials there, I'd like to be sure.

Could someone explain the access others have to /home/rstudio-user/ vs. /cloud/project/, or point me to a resource that does?

One more thing: Perhaps it's better to store credentials in an .Renviron file, as suggested in the docs for aws.signature. But I haven't been able to find clear documentation about how the placement of that file within the file tree affects its accessibility within RStudio Cloud.

Thanks!

0 Likes

#2

We do not have a perfect answer yet for where to store sensitive credentials and we are presently working on a couple of changes that would modify what I'm about to say below.

Currently, if the project is private and in "Your Workspace", the only users who can access any of the contents are you (and this likely does not apply to you, but other people you have added to your account). If you make a project public, other users will only be able to see the contents of /cloud/project and /home/rstudio-user/R (where the project's packages are stored). So for a project in "Your Workspace", storing AWS credentials in /home/rstudio-user/.aws would be fine... similarly, adding sensitive content to /home/rstudio-user/.Renviron would also be fine.

If you move that project into a space the rules change a little bit and space admins and moderators will be able to access the entire contents of /home/rstudio-user/. Depending on the nature of the credentials this may or may not be ok.

Sean

0 Likes
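The following check is an added example, not part of the thread or of RStudio Cloud: it applies the visibility rules as stated in reply #2 to the usual credential locations and lists any file under the two publicly visible directories that contains AWS credential key names. The function names and the optional `ROOT` prefix argument (used only to point the check at a test tree) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Exposure rules are those stated in reply #2.
# The optional ROOT argument (an assumption, for testing) prefixes the real paths.

# classify_path PATH [ROOT]: print who, per reply #2, can read PATH.
classify_path() {
    root=${2:-}
    case "$1" in
        "$root"/cloud/project|"$root"/cloud/project/*|\
        "$root"/home/rstudio-user/R|"$root"/home/rstudio-user/R/*)
            echo "visible-if-public" ;;          # readable by others once the project is public
        "$root"/home/rstudio-user|"$root"/home/rstudio-user/*)
            echo "owner-plus-space-admins" ;;    # private, but space admins/moderators can read it
        *)  echo "not-covered" ;;                # reply #2 says nothing about this path
    esac
}

# find_exposed_credentials [ROOT]: list files under the two publicly visible
# directories that contain AWS credential key names (shared-credentials
# file syntax, .Renviron lines, or Sys.setenv() calls in R scripts).
find_exposed_credentials() {
    root=${1:-}
    for dir in "$root/cloud/project" "$root/home/rstudio-user/R"; do
        [ -d "$dir" ] || continue
        grep -rIlEi 'aws_(access_key_id|secret_access_key|session_token)[[:space:]]*=' \
            "$dir" 2>/dev/null || true
    done
}

# report_credential_files [ROOT]: classify the usual credential locations that exist.
report_credential_files() {
    root=${1:-}
    for f in /home/rstudio-user/.aws/credentials /home/rstudio-user/.Renviron \
             /cloud/project/.aws/credentials /cloud/project/.Renviron; do
        [ -f "$root$f" ] && echo "$f: $(classify_path "$f")"
    done
    return 0
}

report_credential_files
find_exposed_credentials
```

Any path printed by `find_exposed_credentials` would be readable by other users if the project were made public, so it is worth running from the project's terminal before changing the project's visibility.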
