Can't pass my credentials to AWS PHP SDK

Question

I installed AWS PHP SDK and am trying to use SES. My problem is that it's (apparently) trying to read ~/.aws/credentials no matter what I do. I currently have this code:

$S3_AK = getenv('S3_AK');
$S3_PK = getenv('S3_PK');
$profile = 'default';
$path = '/home/franco/public/site/default.ini';
$provider = CredentialProvider::ini($profile, $path);
$provider = CredentialProvider::memoize($provider);
$client = SesClient::factory(array(
      'profile' => 'default',
      'region' => 'us-east-1',
      'version' => "2010-12-01",
      'credentials' => [
        'key'    => $S3_AK,
        'secret' => $S3_PK,
      ]
  ));

And am still getting "Cannot read credentials from ~/.aws/credentials" error (after quite a while).

I tried 'credentials' => $provider of course, that was the idea, but as it wasn't working I reverted to hardcoded credentials. I've dumped $S3_AK and $S3_PK and they're fine, I'm actually using them correctly for S3, but there I have Zend's wrapper. I've tried ~/.aws/credentials (no ".ini") to the same result. Both files having 777 permissions.

Curious information: I had to set memory limit to -1 so it would be able to var_dump the exception. The html to the exception is around 200mb.

I'd prefer to use the environment variables, all though the credentials file is fine. I just don't understand why it appears to be trying to read the file even though I've hardcoded the credentials.

EDIT: So a friend showed me this, I removed the profile and also modified the try/catch and noticed the client seems to be created properly, and the error comes from trying to actually send an email.

shouldn't variable be `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` ? — Frederic Henri, May 20 '16 at 07:36
In case my answer doesn't work, check the permissions of not only the file, but the parent directories of the file; the user that the server is running on may not be able to read it since it can't open one of the parent directories. You can test this with something like `sudo -u www-data stat /home/franco/public/site/default.ini`, where `www-data` is the server user. — millinon, May 20 '16 at 09:13
Frédéric, one is the key id, the other is the access key, I'm getting them from environment variables. Still, the problem is it's trying to read that file enven though I'm explicitly telling it the credentials. — shinax, May 20 '16 at 12:31
Frédéric, sorry I think I undersood you incorrectly. https://github.com/aws/aws-sdk-php/blob/master/src/AwsClient.php#L62 says the variables are secret and key. — shinax, May 20 '16 at 12:45

score 24 · Answer 1 · answered Dec 23 '17 at 04:56

24

The trick is just remove 'profile' => 'default' from the factory params, if this is defined we can't use a custom credentials file or environment variables. Is not documented but just works.

I'm using Sns and Sdk v3.

<?php
use Aws\Credentials\CredentialProvider;

$profile = 'sns-reminders';
$path = '../private/credentials';

$provider = CredentialProvider::ini($profile, $path);
$provider = CredentialProvider::memoize($provider);

$sdk = new Aws\Sdk(['credentials' => $provider]);

$sns = $sdk->createSns([
//        'profile' => $profile,
        'region'  => 'us-east-1',
        'version' => 'latest',
]);

answered Dec 23 '17 at 04:56

Alan Delval

449
6
20

This worked for me for hard-coded credentials way, Did not check with other ways yet – Umair Malhi Oct 12 '18 at 08:56
Superb. Not documented at all, and forces us to use both. Strange. Kudos! – Vijay Kumar Kanta Nov 21 '18 at 14:16
AWS documentation is crap, long text about nothing, not focusing on practical approach. Thanks for sharing ! – Tom Raganowicz Jan 18 '19 at 12:21
I spent 4+ hours troubleshooting, tried a custom credentials provider, env vars, and hardcoded. None of them worked, until I followed this instruction. Thank you! – jakxnz Mar 20 '19 at 04:41

score 1 · Answer 2 · answered May 20 '16 at 09:09

1

This solution will probably only work if you're using version 3 of the SDK. I use something similar to this:

$provider = CredentialsProvider::memoize(CredentialsProvider::ini($profile, $path));
$client = new SesClient([
    'version' => 'latest',
    'region'  => 'us-east-1',
    'credentials' => $provider]);

I use this for S3Client, DynamoDbClient, and a few other clients, so I am assuming that the SesClient constructor supports the same arguments.

answered May 20 '16 at 09:09

millinon

1,528
1
20
31

As I said, "I tried 'credentials' => $provider of course", and it still tried to read the file. – shinax May 20 '16 at 12:29

score -2 · Accepted Answer · answered May 20 '16 at 13:37

OK, I managed to fix it. I couldn't read the credentials file but it wasn't exactly my idea. What was happening was that the actual client was being created successfully, but the try/catch also had the sendEmail included. This was what was failing. About creating the client with explicit credentials: If you specify region, it will try and read a credentials file.

About the SendEmail, this is the syntax that worked for me, I'd found another one also in the AWS docs site, and that one failed. It must've been for an older SDK.

Can't pass my credentials to AWS PHP SDK

3 Answers3

Linked