0

I am using AWS CLI version 2. I am using centos > Nginx > php 7.1, Following command works fine when I directly run on command line.

aws s3 cp files/abc.pdf s3://bucketname/

but when I run same command from index.php file using following code

echo exec("aws s3 cp files/abc.pdf s3://bucketname/ 2>&1");

then it gives error

upload failed: Unable to locate credentials

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Jass
  • 3,345
  • 3
  • 24
  • 41
  • When you execute from the command-line it inherits your environment and the credentials are usually sourced from ~/.aws/credentials and ~/.aws/config files. When you run the `exec` it is probably not finding above files in that process's home folder. Check this [AWS doc] (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) for how you can specify the credentials. – vmachan Jul 22 '21 at 13:43
  • @vmachan I read above documentation that you provided and seems I need to set AWS_CONFIG_FILE but after RND and reading https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html, Still I did not get a way for that. – Jass Jul 23 '21 at 08:22
  • @vmachan I used like this to set aws configure set aws_config_file ~/.aws/config but this also did not work – Jass Jul 23 '21 at 09:50

2 Answers2

1

@Jass Add your credentials in "~/.aws/credentials" or "~/.aws/config" and make it [default] or else use profile_name incase you have multiple accounts. Also verify, if you are using keys as Environment variables by export, then it will work for that terminal only. So try to execute the php from same terminal where you exported the keys or add it in ~/.aws/credentials.

Ashish Mathai
  • 46
  • 2
  • I am not using profiles. Credentials are already in ~/.aws/credentials and ~/.aws/config and these are already set as default. Can you please let me know, How I can verify "if you are using keys as Environment variables by export, then it will work for that terminal only"? – Jass Jul 23 '21 at 08:21
  • - To check whether you exported the key **printenv | grep -i AWS** - And verify if credentials added in **User** or in **Root** and from which profile/user you are executing PHP. - As you said, you already added it in **~/.aws/credentials** then please check the user from which the PHP is executing. – Ashish Mathai Jul 23 '21 at 23:27
  • First: **printenv | grep -i AWS** does not return anything. **Second:** Are you talking about centos logged in ssh user? If yes, I search about it that how to add/verify aws s3 keys in centos logged in user but I did not get any relevant answer for that. – Jass Jul 26 '21 at 07:34
  • Check which user **whoami**, verify you already able to do **aws s3 ls** from terminal, then test with **example.php** `` execute php to test it. Before executing PHP, check **whoami** again to crosscheck from the same user you are executing this. – Ashish Mathai Jul 28 '21 at 13:27
0

I tried this and it worked for me and I believe should work for you as well. In your PHP code (index.php), try exporting the credential file location like below

echo exec("export AWS_SHARED_CREDENTIALS_FILE=/<path_to_aws_folder>/.credentials; aws s3 cp files/abc.pdf s3://bucketname/ 2>&1");

When you run from your command-line the AWS CLI picks up the credentials from your home directory i.e. ~/.aws/credentials (this is default). When the index.php is being executed it is looking for the above file in its home directory which appears is not the same as your home directory and hence cannot find the credentials. With the above change you are explicitly pointing it to your AWS credentials.

vmachan
  • 1,672
  • 1
  • 10
  • 10