I'm having a problem with my AWS credentials. I used the credentials file that I created on ~/.aws/credentials just as it is written on the AWS doc. However, apache just can't read it.
First, I was getting this error:
Error retrieving credentials from the instance profile metadata server. When you are not running inside of Amazon EC2, you must provide your AWS access key ID and secret access key in the "key" and "secret" options when creating a client or provide an instantiated Aws\Common\Credentials
CredentialsInterface object.
Then I tried some solutions that I found on internet. For example, I tried to check my HOME variable. It was /home/ubuntu. I tried also to move my credentials file to the /var/www directory even if it is not my web server directory. Nothing worked. I was still getting the same error.
As a second solution, I saw that we could call directly the CredentialsProvider and indicate the directory on the client.
https://forums.aws.amazon.com/thread.jspa?messageID=583216򎘰
The error changed but I couldn't make it work:
Cannot read credentials from /.aws/credentials
I saw also that we could use the default provider of the CredentialsProvider instead of indicating a path.
I tried and I keep getting the same error:
Cannot read credentials from /.aws/credentials
Just in case you need this information, I'm using aws/aws-sdk-php (3.2.5). The service I'm trying to use is the AWS Elastic Transcoder. My EC2 instance is an Ubuntu 14.04. It runs a Symfony application deployed using Capifony.
Before I try on this production server, I tried it in a development server where it works perfectly only with the ~/.aws/credentials file. This development server is exactly a copy of the production server. However, it doesn't use Capifony for the deployment. It is just a normal git clone of the project. And it has only one EBS volume while the production server has one for the OS and one for the application.
Ah! And I also checked if the permissions/owners of the credentials file were the same on both servers and they are the same. I tried a 777 to see if it could change something but nothing.
Does anybody have an idea?
Best Answer
I also got '
Cannot read credentials from /.aws/credentials' error. The solution is given in the error message./.aws/credentialsis a file and directory directly off the root directory/and this is where the SDK is looking for it. The user that Apache runs under (userapacheon centos7) does not have its own home and so there is no ~/home.Some warning about this should be in the aws docs!
Create your credentials file exactly as
/.aws/credentialsand not~/user/.aws/credentialsWorks perfectly.
If you have set selinux to enforcing then you will need to alter the security context of ./aws recursively to match that of httpd. Otherwise apache will not be able to read the credentials file.
sudo chcon -Rv --type=httpd_sys_content_t /.aws
$ ls -Z /.aws/credentials -rwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 /.aws/credentials