Cannot read credentials from /.aws/credentials

9
votes

I am trying to integrate AWS PHP SDK for codeigniter

But its showing error as follows

An uncaught Exception was encountered
Type: Aws\Exception\CredentialsException

Message: Cannot read credentials from /.aws/credentials

Filename: /var/www/html/aws/Aws/Credentials/CredentialProvider.php

And on cli getting an error as -bash: /root/.aws/credentials: Permission denied

So after this i have allowed permission ... cli error has gone but php error Cannot read credentials from /.aws/credentials still remain.

Please help to solve this issue.

Thanks!

3
amazon-web-servicesamazon-s3aws-sdkaws-php-sdk
what are the file permissions now and what user does CI app run on behalf of? - Alexey
It looks like the application is running as root user and /root does not have .aws. - titogeo
@titogeo for us path for aws is /home/ubuntu/.aws. - Deepali Jadhav
Is your PHP server running as root? if it is then you need /root/.aws/credentials not in /home/ubuntu/.aws - titogeo
@titogeo for us path for aws is /home/ubuntu/.aws. We can successfully get result for command root@ip-****---:~# aws configure list ... But when tried to execute command root@ip-****---:~# ~/.aws/credentials gives us an error as ===> /root/.aws/credentials: line 1: [default]: command not found /root/.aws/credentials: line 2: aws_secret_access_key: command not found /root/.aws/credentials: line 3: aws_access_key_id: command not found - Deepali Jadhav

3 Answers

20
votes

If your are using IAM Role to EC2 Instance then there is no need of using following

'profile'=>'default',

i just remove above line which solved error "Cannot read credentials from /.aws/credentials"

Issue using an IAM role with PHP SDK

4
votes

When running code on another AWS service, you do not work with key and secret, as you would on your local machine. Take a look at the answer I gave on another question.

Basically, your EC2 instance is assigned a service role. Then you would attach one or more IAM policies to that role. The IAM policies will determine what AWS resources and actions your EC2 instance can access.

In your PHP code you would instantiate your client using the CredentialProvider::defaultProvider(). If you were working with S3 for example, it would look like this.

$s3 = new S3Client([
    'region' =>'us-east-1',
    'credentials' => CredentialProvider::defaultProvider()
]);
2
votes

When PHP is running under a service there is no "user". Therefore PHP will not attempt to access /root/.aws/credentials. If you review the error the path is /.aws/credentails.

To solve this problem create a new directory /.aws and copy the directory /root/.aws to /.aws

Improvement:

You have installed the PHP SDK inside your website root folder which makes these files accessible externally. SDKs should be installed outside of your website folders.