31

I've looked at every answer on here and it seems my problem is a little different or there hasn't been a proper solution. I'm doing the following in my PHP file:

use Aws\Route53\Route53Client;

$client = Route53Client::factory(array(
    'profile' => 'default',
    'region' => 'us-east-1',
    'version' => '2013-04-01'
));

Getting this error:

Fatal error: Uncaught Aws\Exception\CredentialsException: Cannot read credentials from /.aws/credentials

Seems like the easy fix would be ensure that the HOME directory is the right one. Indeed it already is. Files are readable and my ec2-user is already the owner. Key and Secret is already installed in the 'credentials' file. Profile name is already set to 'default.' Tried to copy /.aws to other directories such as the root, /home, etc and changed permissions, chmod, all the above. Still nothing.

Then I tried to hard-code the credentials (I know -- not recommended) just to give it a little kick, and it completely ignores that I did this:

$client = Route53Client::factory(array(
    'profile' => 'default',
    'region' => 'us-east-1',
    'version' => '2013-04-01',
    'credentials' => [
            'key' => $key,
            'secret' => $secret,
    ]
));

As a last resort, I even tried including the CredentialProvider class, and passing this into my array -- still nothing:

'credentials' => CredentialProvider::ini('default', '/home/ec2-user/.aws/credentials'),

What on earth am I doing wrong?

Justin H
  • 371
  • 1
  • 3
  • 7

8 Answers8

132

Just remove 'profile' => 'default', and you should work fine 

$client = Route53Client::factory(array(
  'region' => 'us-east-1',
  'version' => 'latest',
  'credentials' => [
        'key' => $key,
        'secret' => $secret,
  ]
));
Faruk
  • 5,438
  • 3
  • 30
  • 46
5

Running on AWS Centos 7, I tried everything (chmod/chown /root /home/user, env, bashrc, etc) to get the /.aws/credentials to work outside the apache /var/www directory. The SDK reported that it could not read the credentials file.

I looked at PHP to see if I could set/override the HOME variable and it still did not read the credentials file until I placed the .aws folder in the '/var/www' folder and set the HOME variable in my php file like so:

 <%php
 putenv('HOME=/var/www');

 //ZIP File SDK Install requires aws-autoloader
 require 'aws-autoloader.php'; //Your php code below
trax-cio
  • 51
  • 1
  • 3
5

Facing this issue, here was my exact approach:

PHP version : 7.2.24 AWS PHP SDK version: 3.180.4

First copy your existing aws folder to your root home directory

sudo cp -r ~/.aws /

Then your code should look like:

$client = Route53Client::factory(array(
    'profile' => 'default',
    'region' => 'us-east-1',
    'version' => '2013-04-01'
));

In my case, it was interesting to realize that the PHP SDK looks for the credentials file in the root folder and not in the current users's home directory. That's the most feasible reason why my approach worked.

However, you want to find a more general place for your local configs and use the following approach to load it.

$path = '/my/config/folder/.aws/credentials';
$provider = CredentialProvider::ini('default', $path); 
$provider = CredentialProvider::memoize($provider);

$client = Route53Client::factory(array(
    'region' => 'us-east-1',
    'version' => '2013-04-01',
    'credentials' => $provider
));

Hopefully this throws more light into the AWS PHP community. It's really important to get this configuration right to build secure PHP applications

Akah
  • 1,389
  • 14
  • 19
4

Here is what I ended up doing for purposes of this question, although EJ's answer above is actually the right answer. Hopefully this helps someone to get their credentials file to be read:

use Aws\Credentials\CredentialProvider;
use Aws\Route53\Route53Client;

$profile = 'default';
$path = '/var/www/html/.aws/credentials';
$provider = CredentialProvider::ini($profile, $path); 
$provider = CredentialProvider::memoize($provider);

$client = Route53Client::factory(array(
    'region' => 'us-east-1',
    'version' => '2013-04-01',
    'credentials' => $provider
));
Justin H
  • 371
  • 1
  • 3
  • 7
  • 2
    One thing to mention here, for hard-coded way removing `profile=>default` from arguments array worked for my case as mentioned here: https://stackoverflow.com/a/47949875/5416602 – Umair Malhi Oct 12 '18 at 08:59
1

Not sure what you are doing wrong, but I'd suggest bypassing the problem altogether and assigning an EC2 Instance role to the vm in question and then you won't have to worry about it; it's a better/more secure solution.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

E.J. Brennan
  • 45,870
  • 7
  • 88
  • 116
  • Thanks E.J. The reason I attempted the method I described above is to programmatically be able to update DNS configurations in Route53. It seems like the instructions at https://docs.aws.amazon.com/aws-sdk-php/v2/guide/service-route53.html describe doing this through the inclusion of the SDK classes, which will default to check the credentials file, I assume, right? Are there other methods in the documentation somewhere that describe modifying DNS records using your proposed solution? – Justin H Apr 13 '18 at 02:17
1

I think the AWS manual is a bit confusing. I created the .aws directory at the filesystem root (/), not in the /root or /home dir, and everything worked.

/.aws/credentials

Gass
  • 7,536
  • 3
  • 37
  • 41
Lux
  • 71
  • 4
0

I upgraded from PHP 8.0 to PHP 8.1 and PHP suddenly complained it couldn't find the credential file. The xdebug error trace showed me the expected location, which was one level below my public html directory. I don't know why it changed, but I simply ran this command in that directory:

ln -s /.aws/ .aws

The symlink I created works fine to provide the credentials. I'm back up and running.

Buttle Butkus
  • 9,206
  • 13
  • 79
  • 120
-1
  • check the permission of .aws/* files using "ls -l"
  • Change the permission to grand read or grant all permision "sudo chmod 777 .aws/*"
  • rerun the code
Amila Viduranga Welikala
  • 7
  • 1