Cannot read credentials from /.aws/credentials

Asked 19/9, 2018 at 9:49 Answered 30/5, 2023 at 14:4

Solved amazon-web-services amazon-s3 aws-sdk aws-php-sdk

I am trying to integrate AWS PHP SDK for codeigniter

But its showing error as follows

An uncaught Exception was encountered
Type: Aws\Exception\CredentialsException

Message: Cannot read credentials from /.aws/credentials

Filename: /var/www/html/aws/Aws/Credentials/CredentialProvider.php

And on cli getting an error as -bash: /root/.aws/credentials: Permission denied

So after this i have allowed permission ... cli error has gone but php error Cannot read credentials from /.aws/credentials still remain.

Please help to solve this issue.

Thanks!

Whiff answered 19/9, 2018 at 9:49 Comment(10)

what are the file permissions now and what user does CI app run on behalf of? – Vevine 19/9, 2018 at 11:25

It looks like the application is running as root user and /root does not have .aws. – Stertor 19/9, 2018 at 12:43

@Stertor for us path for aws is /home/ubuntu/.aws. – Whiff 19/9, 2018 at 12:50

Is your PHP server running as root? if it is then you need /root/.aws/credentials not in /home/ubuntu/.aws – Stertor 19/9, 2018 at 12:52

@Stertor for us path for aws is /home/ubuntu/.aws. We can successfully get result for command root@ip-****---:~# aws configure list ... But when tried to execute command root@ip-****---:~# ~/.aws/credentials gives us an error as ===> /root/.aws/credentials: line 1: [default]: command not found /root/.aws/credentials: line 2: aws_secret_access_key: command not found /root/.aws/credentials: line 3: aws_access_key_id: command not found – Whiff 19/9, 2018 at 12:56

@Stertor Our application running at /var/www/html/ – Whiff 19/9, 2018 at 12:58

That's the location. What is the user that is running your application? – Stertor 19/9, 2018 at 13:3

How to check that ?? – Whiff 19/9, 2018 at 13:7

Where are you running this code? Locally on your machine, or inside AWS (e.g. EC2). That makes a difference regarding credentials. – Baneful 20/9, 2018 at 0:28

@Olivier De Meulder we are running this code on ec2 – Whiff 20/9, 2018 at 4:38

If your are using IAM Role to EC2 Instance then there is no need of using following

'profile'=>'default',

i just remove above line which solved error "Cannot read credentials from /.aws/credentials"

Issue using an IAM role with PHP SDK

Whiff answered 22/9, 2018 at 9:16 Comment(0)

When running code on another AWS service, you do not work with key and secret, as you would on your local machine. Take a look at the answer I gave on another question.

Basically, your EC2 instance is assigned a service role. Then you would attach one or more IAM policies to that role. The IAM policies will determine what AWS resources and actions your EC2 instance can access.

In your PHP code you would instantiate your client using the CredentialProvider::defaultProvider(). If you were working with S3 for example, it would look like this.

$s3 = new S3Client([
    'region' =>'us-east-1',
    'credentials' => CredentialProvider::defaultProvider()
]);

Baneful answered 20/9, 2018 at 14:7 Comment(0)

When PHP is running under a service there is no "user". Therefore PHP will not attempt to access /root/.aws/credentials. If you review the error the path is /.aws/credentails.

To solve this problem create a new directory /.aws and copy the directory /root/.aws to /.aws

Improvement:

You have installed the PHP SDK inside your website root folder which makes these files accessible externally. SDKs should be installed outside of your website folders.

Grandfatherly answered 19/9, 2018 at 17:20 Comment(4)

where to create /.aws directory – Whiff 20/9, 2018 at 5:4

create the directory in the / directory. That is what /.aws means. – Grandfatherly 20/9, 2018 at 5:47

Hi thanks for your reply..i am getting same error after following steps you have mentioned... Is there any thing else need to do ..?? – Whiff 20/9, 2018 at 6:43

This should be higher up! Thanks, it worked like a charm (local development enviro). – Exhibit 11/2, 2021 at 4:52

For me in the development environment i didn't use iam role so didn't need to access the .aws/credentials file.

By removing the 'profile'=>'default' from the $config you tell the SDK not to look for .aws/credentials file, and then you can call the service construction with key and secret

When using'profile'=>'default', the sdk will first look for the .aws/credentials file and if not exists will throw an exception

For example :

        $config = array(
            'region'  => $region,
            'version' => $version
        );

        $credentials = new Credentials($key, $secret);
        $config['credentials'] = $credentials;
        

        $dynamoDbClient = new DynamoDbClient($config);

Mcdougald answered 30/5, 2023 at 14:4 Comment(1)

This worked for me, I needed to remove the profile param, and pass my IAM credentials. Thanks! – Kilohertz 24/10, 2023 at 13:2

Recommended topics

Hot tags