AWS SDK for PHP: Error retrieving credentials from the instance profile metadata server

Question

I am trying to send SNS messeges to android through web api. Downloaded and installed the SDK from http://aws.amazon.com/developers/getting-started/php/

Got followin

Answer 1

In my case, I was using

return DynamoDbClient::factory(array(
  'version' => 'latest',
  'region'  => AWS_REGION,
  'key' => AWS_KEY,
  'secret'  => AWS_SECRET
));

which used to be ok with aws/aws-sdk-php version 2.8.5 , but when composer automatically installed version 3.2.0, I got the error above. The problem is simply that I should've changed the way I made the call to

return DynamoDbClient::factory(array(
  'version' => 'latest',
  'region'  => AWS_REGION,
  'credentials' => array(
    'key' => AWS_KEY,
    'secret'  => AWS_SECRET,
  )
));

as documented here. Without changing the call, the apache php was falling back to looking for the ~/.aws/credentials file using the HOME environment variable, which was empty. You can check its value by running php -r 'var_dump(getenv("HOME"));'.

This is a related post

Answer 2

You have to place the .aws/credentials file with your configuration in the home directory of the web service *usually /var/www) not in the home directory of the logged in user.

You can find what home directory you web service is using by running echo getenv('HOME'); in a php file on your server.

Answer 3

In my case I had to use hard-coded credentials

$s3Client = new S3Client([
    'region' => REGION,
    'version' => '2006-03-01',
    'credentials' => [
        'key'    => S3_KEY,
        'secret' => S3_SECRETE,
    ],
]);

See more details here:

Answer 4

assuming that the server is located on AWS EC2 (probably the same for ECS and elastic beanstalk) the "correct" way to handle this issue is not to store credentials at all.

instead, do this:

1. create an IAM role (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html)
2. add relevant permissions to the role policy (in this case, send SNS msg)
3. assign the role to the EC2 instance (instance settings => Attach/Replace IAM Role)

this way you don't leave any sensitive data in your code.

Answer 5

I was trying to use a credentials file and got the same error, this guy on github pretty much nailed it:

The credentials file should be in ini format but not have a .ini extension. It should have a 'default' section defined with your key and secret:

$ less ~/.aws/credentials

[default]
aws_access_key_id = key
aws_secret_access_key = secret

If you specified other section name instead of default, just add a profile key to the S3Client parameters:

[example]
aws_access_key_id = key
aws_secret_access_key = secret

$s3Client = new \Aws\S3\S3Client([
    'version' => '2006-03-01',
    'region' => $yourPreferredRegion,
    'profile' => 'example',
]);

Using a credentials file or environment variables is the recommended way of providing credentials on your own server

And @Anti 's answer also helped me alot!

If you prefer the hard coded way, just follow @shadi 's answer.

Answer 6

If it is laravel and aws/aws-sdk-php-laravel sdk then after configuring all step and defining key in .env file you have to drop config cache and rebuild it by following commands.

php artisan config:cache;
composer dump-autoload;