I am trying to check bucket existence on Amazon S3 using below code:
$credentials = new Aws\Common\Credentials\Credentials($creds['access_key_id'], $creds['secret_access_key']);
$client = Aws\S3\S3Client::factory(array( 'credentials' => $credentials ) );
if( ! $client->doesBucketExist($creds['bucket']) ) {
throw new Exception("Bucket (" . $creds['bucket'] . ") does not exist.");
}
It is working on localhost (wamp) but when I tried this on server it is not working. I am getting following error:
Missing required client configuration options: region: (string) A "region" configuration value is required for the "s3" service (e.g., "us-west-2"). A list of available public regions and endpoints can be found at http://docs.aws.amazon.com/general/latest/gr/rande.html. version: (string) A "version" configuration value is required. Specifying a version constraint ensures that your code will not be affected by a breaking change made to the service. For example, when using Amazon S3, you can lock your API version to "2006-03-01". Your build of the SDK has the following version(s) of "s3": * "2006-03-01" You may provide "latest" to the "version" configuration value to utilize the most recent available API version that your client's API provider can find. Note: Using 'latest' in a production application is not recommended. A list of available API versions can be found on each client's API documentation page: http://docs.aws.amazon.com/aws-sdk-php/v3/api/index.html. If you are unable to load a specific API version, then you may need to update your copy of the SDK.
I don't know why it is not working on server but same code is working on localhost.
I had the same problem and I needed to clear my config cache to fix it.
$ artisan config:clear
Set region explicitly when creating s3 client instead of relying on defaults.
use Aws\Credentials\Credentials;
use Aws\S3\S3Client;
$result = $stsClient->getSessionToken();
$credentials = new Credentials(
$result['Credentials']['AccessKeyId'],
$result['Credentials']['SecretAccessKey'],
$result['Credentials']['SessionToken']
);
$s3Client = new S3Client([
'version' => '2006-03-01',
'region' => 'us-west-2',
'credentials' => $credentials
]);
Check .env file variables are matching with filesystems.php
's3' => [
'driver' => 's3',
'key' => env('S3_KEY'),
'secret' => env('S3_SECRET'),
'region' => env('S3_REGION'),
'bucket' => env('S3_BUCKET'),
],
1) Ensure you have S3_KEY, S3_SECRET, S3_REGION, S3_BUCKET etc configured in your .env file
2) Your environment file might have changed after the autoload/caches were generated. Run:
php artisan config:cache
Related
So I have a block of code to upload an image to an S3 Bucket. It's fairly boilerplate. Works perfectly running from localhost.
I push it to my Ubuntu EC2 server, and the code fails. No error, no exceptions, Debug => true outputs nothing.. Trying to var_dump the $s3Client variable reports nothing.
E_ALL Error reporting is on
PHP 8.1.4
Nginx 1.21.6
Compatability-test.php passes successfully - all required modules enabled.
Code:
<?php
require 'S3/aws-autoloader.php';
use Aws\S3\S3Client;
use Aws\S3\Exception\S3Exception;
$bucket = 'XXXXX';
try {
//Create a S3Client
$s3Client = new S3Client([
'profile' => 'default',
'region' => 'us-east-1',
'version' => '2006-03-01',
'signature' => 'v4',
'debug' => true,
'credentials' => [
'key' => XXXXX,
'secret' => XXXXX,
]
]);
$result = $s3Client->putObject([
'Bucket' => $bucket,
'Key' => $fileName,
'SourceFile' => $filePath,
'ACL' => 'public-read'
]);
echo json_encode(array('success' => true, 'imageUrl' => $result->get('ObjectURL')));
} catch (S3Exception $exception) {
echo $exception->getMessage() . "\n";
}
Has anyone else experienced this 'quiet failure' with the AWS PHP-SDK S3?
I solved this, after 3 days. There were several problems, which I managed to solve and inspect by running the code from the PHP CLI.
First things to note:
Credentials must be stored in the /var/www/.aws/credentials file. This is where the S3Client class will look for your S3 credentials. Passing them into the S3 class instantiation does not appear to work.
Running from the CLI, indicated that I was missing the PHP module mbstring. I don't know why Amazon's compatibility-test.php file does not flag this module as missing. Go figure.
Why the script failed silently, I really don't know. Maybe some error suppression somewhere in the S3Client class. I highly recommend running from the PHP-CLI to diagnose any errors with the PHP AWS S3 SDK.
I realize this is a bit late, but I experienced a similar issue recently where specifically I did not want to use the credentials file, whereas your answer notes that the credentials must be stored in the credentials file.
In my experience, what wound up working for me was removing the 'profile' => 'default', in the s3Client creation. So like this ...
//Create a S3Client
$s3Client = new S3Client([
'region' => 'us-east-1',
'version' => '2006-03-01',
'signature' => 'v4',
'debug' => true,
'credentials' => [
'key' => XXXXX,
'secret' => XXXXX,
]
]);
So if you minimally want to use the inline credentials instead of the credentials file, this may help you out a bit.
I'm trying to use Filesystem, the implementation of league/flysystem-aws-s3-v3 with Laravel 5.1. but I can get the files from S3.
So, I coded this:
$s3 = Storage::disk('s3');
$imageName = Employee::filePath() . $employee->id . '.pdf';
if (Storage::disk('s3')->exists($imageName)) {
return response()->download(Storage::disk('s3')->get($imageName));
}
Then I get the follow error:
CredentialsException in InstanceProfileProvider.php line 79:
Error retrieving credentials from the instance profile metadata server. (cURL error 28: Connection timed out after 1001 milliseconds (see http://curl.haxx.se/libcurl/c/libcurl-errors.html))
The credential are set on config/filesystems.php, I know are good because I can put files there.
Do you have any idea?
Thanks in advance.
The problem was with my configuration, I was trying to setup with env, however for some reason doesn't load at moment of configuration, so I decide put directly on the configuration file filesystems.php
's3' => [
'driver' => 's3',
'key' => 'XXXXXXXXXX',
'secret' => 'XXXXXXXXXX',
'region' => env('S3_REGION'),
'bucket' => env('S3_BUCKET'),
],
When I deploy my application to a EC2 instance, it fails to fetch messages from my SQS queue. And instead throws an exception with the status code 403 Forbidden, access to the resource {sqs queue} is denied. However, when I run the same code from my local environment my application can fetch messages from the SQS queue.
My application uses the symfony framework and passes pre-configured AWS credentials, for a user who has access to this queue, from the parameters.yml into \Aws\Sqs\SqsClient().
If on the EC2 instance I run aws configure and configure the aws cli with the same credentials the application can pull messages from the SQS queue. I am concerned here because it is like the aws sdk is overriding the credentials I pass it.
As a example the following code even with hard coded parameters which I have checked are valid credentials, returns a 403 when ran on a EC2 instances.
$sqs = new \Aws\Sqs\SqsClient([
[
'key' => '{my key}',
'secret' => '{my secret}'
],
'region' => 'us-east-1',
'version' => 'latest'
]);
$response = $sqs->receiveMessage([
'QueueUrl' => 'https://sqs.us-east-1.amazonaws.com/{my account}/{my queue}'
]);
Does anyone have any suggestions about what may be happening here?
Try with credentials key in config.
$sqs = new \Aws\Sqs\SqsClient([
'credentials' => [
'key' => '{my key}',
'secret' => '{my secret}',
],
'region' => 'us-east-1',
'version' => 'latest'
]);
$response = $sqs->receiveMessage([
'QueueUrl' => 'https://sqs.us-east-1.amazonaws.com/{my accoun}/{my queue}'
]);
This might help you to debug your issue.
Run aws sqs list-queues on command line. If your queue not listed in the result set, that means your AWS key doesn't have permission.
Run aws sqs receive-message --queue-url <queue_url> where queue_url is your queue's complete url received from step 1. You should see all your messages in the queue.
If there are no errors in above both steps, there might be an issue in your application end.
It's a bad practice to store AWS credentials in EC2 instances, It's much better to create an IAM role with sqs:receiveMessage permission then attach that IAM role to your EC2 instance.
I've migrated servers and updated AWS phar, however once i've done that i'm getting the following error:
Fatal error: Uncaught exception 'InvalidArgumentException' with message 'Missing required client configuration options: version: (string) A "version" configuration value is required. Specifying a version constraint ensures that your code will not be affected by a breaking change made to the service. For example, when using Amazon S3, you can lock your API version to "2006-03-01". Your build of the SDK has the following version(s) of "email": * "2010-12-01" You may provide "latest" to the "version" configuration value to utilize the most recent available API version that your client's API provider can find. Note: Using 'latest' in a production application is not recommended. A list of available API versions can be found on each client's API documentation page: http://docs.aws.amazon.com/aws-sdk-php/v3/api/index.html. If you are unable to load a specific API version, then you may need to update your copy of the SDK.' in phar:////includes/3rdparty/aws/aws.phar/Aws/ in phar:////includes/3rdparty/aws/aws.phar/Aws/ClientResolver.php on line 328
I've tried adding it via different method and looking into the actual documentation without any luck.
Here's my code right now:
$client = SesClient::factory(array(
'user' => 'uuuuu',
'key' => 'aaaaa',
'secret' => 'bbbb',
'region' => 'us-east-1',
));
$client->version("2010-12-01");
//Now that you have the client ready, you can build the message
$msg = array();
//more code after this...
Any help would be appreciated!
Apparenty, the 'version' field is mandatory now, so you must pass it to the factory.
Source: http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/migration.html
// Instantiate the client with your AWS credentials
$client = SqsClient::factory(array(
'credentials' => $credentials,
'region' => 'us-east-1',
'version' => '2012-11-05'
));
I'm in the process of migrating from Amazon S3 to Google Storage and I can't seem to get my credentials to work. Here's some sample code that I put together to test my credentials:
$client = new S3Client([
'credentials' => [
'key' => 'GOOGxxxxxxxxxxxxxxx',
'secret' => 'ZfcOTxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
],
'region' => 'US',
'version' => 'latest',
'endpoint' => 'https://storage.googleapis.com',
]);
try {
$result = $client->putObject(array(
'Bucket' => 'devtest',
'Key' => 'test',
'Body' => 'Hello world'
));
echo $result['ObjectURL'];
} catch (\Aws\S3\Exception\S3Exception $e) {
// The AWS error code (e.g., )
echo $e->getAwsErrorCode() . "\n";
// The bucket couldn't be created
echo $e->getMessage() . "\n";
}
Here's what I get back:
InvalidSecurity Error executing "PutObject" on "https://storage.googleapis.com/devtest/test"; AWS HTTP error: Client error response [url] https://storage.googleapis.com/devtest/test [status code] 403 [reason phrase] Forbidden InvalidSecurity (client): The provided security credentials are not valid. - InvalidSecurityThe provided security credentials are not valid.
Incorrect Authorization header
I've tried googling 100 different combinations of this issue and can't find anything. I have Interoperability enabled, at least I think I do since I don't think I can get the key/secret without it being enabled first. And I have the Google Storage API enabled.
Any help would be greatly appreciated.
Edit: here's the Authentication Header in case that helps:
AWS4-HMAC-SHA256
Credential=GOOGGUxxxxxxxxxxx/20150611/US/s3/aws4_request,
SignedHeaders=host;x-amz-content-sha256;x-amz-date,
Signature=9c7de4xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I noticed it stays "aws4_request" even when I specify 'signature' => 'v2'. Not sure if that matters.
I took a look at the S3Client code and it doesn't use the 'signature' config key as far as I can tell. The only thing I found was 'signature_version' which when set to v2, I get this error:
Unable to resolve a signature for v2/s3/US. Valid signature versions include v4 and anonymous.
I'm using Laravel 5.1 with composer package aws/aws-sdk-php version 3.0.3
Any ideas?
S3 only supports v4 signatures, and this requirement is enforced by the PHP SDK. It seems that Google Cloud Storage only supports v2 signing, so you wouldn't be able to use the same library to talk to both. Google does provide their own PHP SDK, which might make talking to Cloud Storage a bit easier.