Cannot read credentials from /.aws/credentials

Question

I am trying to integrate AWS PHP SDK for codeigniter

But its showing error as follows

An uncaught Exception was encountered
Type: Aws\Exception\CredentialsException

Message: Cannot read credentials from /.aws/credentials

Filename: /var/www/html/aws/Aws/Credentials/CredentialProvider.php

And on cli getting an error as -bash: /root/.aws/credentials: Permission denied

So after this i have allowed permission ... cli error has gone but php error Cannot read credentials from /.aws/credentials still remain.

Please help to solve this issue.

Thanks!

what are the file permissions now and what user does CI app run on behalf of? — Alexey, Sep 19 '18 at 11:25
It looks like the application is running as root user and /root does not have `.aws`. — titogeo, Sep 19 '18 at 12:43
Is your PHP server running as root? if it is then you need `/root/.aws/credentials` not in `/home/ubuntu/.aws` — titogeo, Sep 19 '18 at 12:52
@titogeo for us path for aws is /home/ubuntu/.aws. We can successfully get result for command root@ip-****-**-**-**:~# aws configure list ... But when tried to execute command root@ip-****-**-**-**:~# ~/.aws/credentials gives us an error as ===> /root/.aws/credentials: line 1: [default]: command not found /root/.aws/credentials: line 2: aws_secret_access_key: command not found /root/.aws/credentials: line 3: aws_access_key_id: command not found — Deepali Jadhav, Sep 19 '18 at 12:56
That's the location. What is the user that is running your application? — titogeo, Sep 19 '18 at 13:03
Where are you running this code? Locally on your machine, or inside AWS (e.g. EC2). That makes a difference regarding credentials. — Olivier De Meulder, Sep 20 '18 at 00:28

score 27 · Accepted Answer · answered Sep 22 '18 at 09:16

27

If your are using IAM Role to EC2 Instance then there is no need of using following

'profile'=>'default',

i just remove above line which solved error "Cannot read credentials from /.aws/credentials"

Issue using an IAM role with PHP SDK

answered Sep 22 '18 at 09:16

Deepali Jadhav

540
2
8
18

score 4 · Answer 2 · answered Sep 20 '18 at 14:07

When running code on another AWS service, you do not work with key and secret, as you would on your local machine. Take a look at the answer I gave on another question.

Basically, your EC2 instance is assigned a service role. Then you would attach one or more IAM policies to that role. The IAM policies will determine what AWS resources and actions your EC2 instance can access.

In your PHP code you would instantiate your client using the CredentialProvider::defaultProvider(). If you were working with S3 for example, it would look like this.

$s3 = new S3Client([
    'region' =>'us-east-1',
    'credentials' => CredentialProvider::defaultProvider()
]);

score 2 · Answer 3 · answered Sep 19 '18 at 17:20

2

When PHP is running under a service there is no "user". Therefore PHP will not attempt to access /root/.aws/credentials. If you review the error the path is /.aws/credentails.

To solve this problem create a new directory /.aws and copy the directory /root/.aws to /.aws

Improvement:

You have installed the PHP SDK inside your website root folder which makes these files accessible externally. SDKs should be installed outside of your website folders.

answered Sep 19 '18 at 17:20

John Hanley

74,467
6
95
159

where to create /.aws directory – Deepali Jadhav Sep 20 '18 at 05:04
create the directory in the `/` directory. That is what `/.aws` means. – John Hanley Sep 20 '18 at 05:47
Hi thanks for your reply..i am getting same error after following steps you have mentioned... Is there any thing else need to do ..?? – Deepali Jadhav Sep 20 '18 at 06:43
This should be higher up! Thanks, it worked like a charm (local development enviro). – Steve Horvath Feb 11 '21 at 04:52

score 0 · Answer 4 · answered May 30 '23 at 14:04

For me in the development environment i didn't use iam role so didn't need to access the .aws/credentials file.

By removing the 'profile'=>'default' from the $config you tell the SDK not to look for .aws/credentials file, and then you can call the service construction with key and secret

When using'profile'=>'default', the sdk will first look for the .aws/credentials file and if not exists will throw an exception

For example :

        $config = array(
            'region'  => $region,
            'version' => $version
        );

        $credentials = new Credentials($key, $secret);
        $config['credentials'] = $credentials;
        

        $dynamoDbClient = new DynamoDbClient($config);

Cannot read credentials from /.aws/credentials

4 Answers4