Amazon SES Error retrieving credentials from the instance profile metadata server. (Client error: 404)

2
votes

Am having some issues getting AWS SES working per below; I want to send an email to users from my website. Looks like the credentials are not being validated, however I have used the correct credentials generated from an IAM (I also tried the server root keys and it gave me the same error). I have run out of ideas of how to resolved/ debug any further so any steer would be greatly appreciated.

Error Received on Execution:

Error retrieving credentials from the instance profile metadata server. (Client error: 404)

Steps Taken

  1. I have setup SES and validated the email addresses etc

  2. I have created a IAM profile with 'Full access to SES'

  3. I have installed the AWS SDK for php using the phar file

  4. I have written the php code below providing the correct security access code directly of the SES

require 'aws/aws.phar';
use Aws\Ses\SesClient;

//More code here

$client = SesClient::factory(array(
    'key' => 'xxxxxxxxxxxxx',
    'secret' => 'xxxxxxxxxxx',
    'region' => 'us-west-2',
    'version' => '2010-12-01'
));

//code to build the $msg here as array

try{
     $result = $client->sendEmail($msg);

     //save the MessageId which can be used to track the request
     $msg_id = $result->get('MessageId');
     echo("MessageId: $msg_id");

     //view sample output
     print_r($result);
} catch (Exception $e) {
     echo($e->getMessage());
}
//view the original message passed to the SDK
print_r($msg);

Thank you for your help in advance - this is always a great community!! Please let me know if i can provide anything else

John

1
phpamazon-web-servicesamazon-ec2amazon-ses

1 Answers

1
votes

You can provide credentials to your SDK using multiple methods. See the documentation: Providing Credentials to SDK

1) Set the environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION with the values from the IAM profile you created.

2) Instead of 1), you can also create ~/.aws/credentials file. Here you can add the lines:
[default]
aws_access_key_id = YOUR_AWS_ACCESS_KEY_ID
aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY
aws_default_region = the region

1) or 2) will definitely work and it is straight forward.

3) You can also create instance profile. You need to create IAM role and instance profile. Your instance needs to have instance profile assigned when it is being created. See page 183 (as indicated on bottom of page. The topic name is "Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances") of this guide: AWS IAM User Guide to understand the steps and procedure. Here, the secret key and access key are automatically picked up and you don't have to do anything. You just need to set default region using step 1) (i.e, export AWS_DEFAULT_REGION=someregion).

4) You have already tried the 4th method and may be there is some issue in your settings which I am not aware of.