laravel AWS PHP SDK 凭证错误 S
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30627029/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
AWS PHP SDK Credentials error S
提问by Pavan
I get the following error when trying to create an SNSClientobject.
尝试创建SNSClient对象时出现以下错误。
InstanceProfileCredentialsException in InstanceMetadataClient.php line 85: Error retrieving credentials from the instance profile metadata server. When you are not running inside of Amazon EC2, you must provide your AWS access key ID and secret access key in the "key" and "secret" options when creating a client or provide an instantiated Aws\Common\Credentials\CredentialsInterface object. (Client error response
[status code] 404
[reason phrase] Not Found
[url] http://169.254.169.254/latest/meta-data/iam/security-credentials/)
I don't understand why I have this error when I have my aws.phpin the config folder of my laravel setup. Here the access key and secret key are stored.
我不明白为什么当我aws.php在 laravel 设置的 config 文件夹中时会出现此错误。这里存储了访问密钥和秘密密钥。
I don't really like this since this causes my credentials to be stored in the folder setup where other's may SFTP into.
我不太喜欢这个,因为这会导致我的凭据存储在其他人可能通过 SFTP 进入的文件夹设置中。
What I also have is the aws credentials and config files in my server root folder, in a path like this: ~/.aws/but for some reason the application is not happy.
我还拥有服务器根文件夹中的 aws 凭据和配置文件,路径如下:~/.aws/但由于某种原因,应用程序不满意。
Here's what my code looks like:
这是我的代码的样子:
public function about(){
// Instantiate a client with the credentials from the project1 profile
$snsClient = SnsClient::factory(array(
'profile' => 'default',
'region' => 'us-west-2',
));
// Get the application's endpoints
$iOS_AppArn = "arn:aws:sns:us-west-2:235418406768:app/APNS_SANDBOX/ClashTarget";
$iOS_model = $snsClient->listEndpointsByPlatformApplication(array('PlatformApplicationArn' => $iOS_AppArn));
}
Note that I am using the defaultprofile which should take the credentials from the root aws directory where the config and credential files are stored.
请注意,我使用的default配置文件应该从存储配置和凭据文件的根 aws 目录中获取凭据。
For now, as a temporary solution I did this: http://blog.ianholden.com/aws-s3-with-php-on-apache/which makes everything work but I'm not happy having my credential keys living in the application code. It doesn't feel right.
现在,作为临时解决方案,我这样做了:http: //blog.ianholden.com/aws-s3-with-php-on-apache/这使一切正常,但我不高兴我的凭证密钥位于应用程序代码。感觉不太对。
Can someone guide me in getting this error resolved please?
有人可以指导我解决这个错误吗?
Update 1: Comment: What is the content of config at ~/.aws/This is the content of the config file in the ~/.aws/folder
更新1:评论:~/.aws/ config 的内容是什么这是文件~/.aws/夹中config文件的内容
[default]
output = json
region = us-west-2
回答by patricus
Your ~/.aws/credentialsfile should look like this:
您的~/.aws/credentials文件应如下所示:
[default]
aws_access_key_id = YOUR_AWS_ACCESS_KEY_ID
aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY
[project1]
aws_access_key_id = ANOTHER_AWS_ACCESS_KEY_ID
aws_secret_access_key = ANOTHER_AWS_SECRET_ACCESS_KEY
The following function is used by the library to determine the directory in which to look for the .aws/credentialsfile:
库使用以下函数来确定要在其中查找.aws/credentials文件的目录:
private static function getHomeDir()
{
// On Linux/Unix-like systems, use the HOME environment variable
if ($homeDir = getenv('HOME')) {
return $homeDir;
}
// Get the HOMEDRIVE and HOMEPATH values for Windows hosts
$homeDrive = getenv('HOMEDRIVE');
$homePath = getenv('HOMEPATH');
return ($homeDrive && $homePath) ? $homeDrive . $homePath : null;
}
As you can see, if the HOMEor the HOMEDRIVEand HOMEPATHenvironment variables are not set, the library will not be able to find your credentials file.
如您所见,如果未设置HOME或HOMEDRIVE和HOMEPATH环境变量,库将无法找到您的凭据文件。
In addition to being able to find the file, it also needs to be readable by PHP, and in an INI format (as described above).
除了能够找到文件外,它还需要 PHP 可读,并且是 INI 格式(如上所述)。
Edit
编辑
From comments, it sounds like the HOMEenvironment variable is not set. Because of this, the library cannot find your credentials file. There are a few options for where to go from here.
从评论中,听起来好像HOME没有设置环境变量。因此,库无法找到您的凭据文件。从这里开始有几个选择。
Option 1:
选项1:
Fix your server so that the HOME environment variable is set correctly. You will need to do some research on the best way to do this, as the solution may be highly dependent on server/apache/php configurations...
修复您的服务器,以便正确设置 HOME 环境变量。您需要对执行此操作的最佳方法进行一些研究,因为该解决方案可能高度依赖于服务器/apache/php 配置...
Option 2:
选项 2:
Since you're using Laravel 5, you can add your credentials to your .envfile, and then access them in the code. So, for example, add the following two lines to the end of your .envfile:
由于您使用的是 Laravel 5,您可以将您的凭据添加到您的.env文件中,然后在代码中访问它们。因此,例如,将以下两行添加到.env文件末尾:
AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS_KEY
Now, in your code, you can do:
现在,在您的代码中,您可以执行以下操作:
public function about() {
// add "use Aws\Credentials\Credentials;" at the top of your file
// the env() method reads the values from the .env file. ideally you should never
// use the env() method outside of a config file, though, so I'd suggest adding
// a new config file that uses the env statements and using the config here.
$credentials = new Credentials(env('AWS_ACCESS_KEY_ID'), env('AWS_SECRET_ACCESS_KEY'));
// if using the 'credentials' key, do not use the 'profile' key
$snsClient = SnsClient::factory(array(
'region' => 'us-west-2',
'credentials' => $credentials
));
}
Option 3:
选项 3:
Call the CredentialProvider::ini()method yourself and pass in the profile and full path to your ini file. This will bypass the need for the library to try and determine the home directory.
CredentialProvider::ini()自己调用该方法并传入您的 ini 文件的配置文件和完整路径。这将绕过库尝试确定主目录的需要。
public function about() {
// add "use Aws\Credentials\CredentialProvider;" at the top of your file
// the first parameter is the profile, the second parameter is the full path to
// your credentials file. You may want to add this to your .env file, and
// access using env()/config() instead of hardcoding here, though.
$credentials = CredentialProvider::ini('default', '/root/.aws/credentials');
// if using the 'credentials' key, do not use the 'profile' key
$snsClient = SnsClient::factory(array(
'region' => 'us-west-2',
'credentials' => $credentials
));
}
回答by shadi
From @Pavan's comment on his question in which he shows the contents of the credentials file in ~/.aws, it seems that there are 2 files there. I only have onefile
从@Pavan 对他的问题的评论中,他在 中显示了凭据文件的内容~/.aws,似乎那里有 2 个文件。我只有一个文件
$ cat ~/.aws/credentials
[default]
aws_access_key_id = blablabla
aws_secret_access_key = blablabla
region = us-west-2
回答by Evgeniy Kuzmin
I can't see exactly reason why you are getting the error, but
我看不出您收到错误的确切原因,但是
I don't really like this since this causes my credentials to be stored in the folder setup where other's may SFTP into.
我不太喜欢这个,因为这会导致我的凭据存储在其他人可能通过 SFTP 进入的文件夹设置中。
I suppose you certainly need to setup IAM Role at AWS console to allow connect to SNS from your EC2 instance(s). In this way you won't need to provide any credentials
我想您肯定需要在 AWS 控制台上设置 IAM 角色以允许从您的 EC2 实例连接到 SNS。通过这种方式,您无需提供任何凭据
