Hey all, wondering what best practice is for authenticating boto3 in production using dagster. For airflow, I would use the secrets manager in the UI. Not sure how I would do this in dagster. Any thoughts here on best practices? aside.. I can use secrets manager to get my snowflake, dbt, rds credentials. I'm wondering how I can authenticate boto3 safely so that I can use secrets manager

You can use the built in ec2/container IAM role, then there's no reason to store aws credentials on the machine or image.

For local development, do you suggest just using env variables?

Ah, for local dev, yes you could use env variables but I usually volume mount my own aws creds into the image and let the image use those.

So just the creds file?

Right.

~\.aws\credentials

Thanks I think that can work