I'm having a very peculiar issue with trying to connect to AWS SQS. When running this PHP code:
$client = SqsClient::factory(array(
'credentials' => [
'key' => 'somekey',
'secret' => 'somesecret'
],
'region' => 'eu-west-1',
'version' => 'latest'
));
$result = $client->receiveMessage(array(
'QueueUrl' => $queueUrl,
));
I'm getting this error:
PHP Fatal error: Uncaught exception 'Aws\Sqs\Exception\SqsException' with message 'Error executing "ReceiveMess
age" on "https://sqs.eu-west-1.amazonaws.com/189729872213/my-very-special-queue"; AWS HTTP error: Client error: 403 Inva
lidClientTokenId (client): This account is suspended - <?xml version="1.0"?><ErrorResponse xmlns="http://queue.a
mazonaws.com/doc/2012-11-05/"><Error><Type>Sender</Type><Code>InvalidClientTokenId</Code><Message>This account i
s suspended</Message><Detail/></Error><RequestId>aaf63243-6840-5b49-893a-7d66919c07da</RequestId></ErrorResponse
>'
But when I'm using boto (the Python equivalent of AWS PHP SDK) with the same credentials on the same machine it works fine! And the account is opened as expected, and I can access all the queues that are associated with it.
How can I make the PHP code work? What should I be checking?
Related
I have a working implementation of the AWS PHP SDK. Operations like $client->getUser() are working, but $client->adminCreateUser() and others are not working.
When I call $client->adminCreateUser([...]), it results in:
Error executing "AdminCreateUser" on "https://cognito-idp.ap-southeast-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.ap-southeast-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
MissingAuthenticationTokenException (client): Missing Authentication Token - {"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
Line 191 in /var/www/project/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php
Similar services evoked from CLI (e.g cognito-idp admin-create-user) with the exact same credentials are working.
What is causing this?
Example Details
My environment:
Ubuntu 18.04
Apache 2.4.29
PHP 7.3
aws/aws-sdk-php 3.92.3
.aws/credentials
[default]
aws_access_key_id=XXXX
aws_secret_access_key=XXXX
I am using my developer credentials
Example code:
$client = new CognitoIdentityProviderClient([
'version' => 'latest',
'region' => 'ap-southeast-2',
'credentials' => false, // Set to false to allow roles provisioned to our EC2 instances
]);
$result = $client->adminCreateUser([
'DesiredDeliveryMediums' => ['Email'],
'MessageAction' => 'RESEND',
'TemporaryPassword' => 'TemporaryPassword1234',
'UserAttributes' => [
['Name' => 'email', 'Value' => 'mailbox#domain.tld'],
],
'UserPoolId' => 'ap-southeast-2_XXXX',
'Username' => 'mailbox#domain.tld',
]);
You need to remove 'credentials' => false from your CognitoIdentityProviderClient configuration.
The adminCreateUser() operation requires a signed request (unlike operations like signUp(), which is why signUp() would work with an unsigned request but adminCreateUser() and other operations that require developer credentials won't)
From the AWS Docs
https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#admincreateuser says
AdminCreateUser requires developer credentials.
https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#credentials says
Pass false to use null credentials and not sign requests.
A request needs to be signed to provide developer credentials.
I have used SNS service to send SMS on mobile. I have used PHP AWS SDK to server this purpose.
I have tested script in our local server and it sends sms on mobile successfully but when i upload the script in ec2 server then it does not work.
Script hang the web page and sending sms does not work. It does not give any error and loads the page until it get timeout.
We have used http://xxxx.us-west-1.compute.amazonaws.com/ AWS ec2 instance.
My php script is as follows:
require 'vendor/aws-sdk/aws-autoloader.php';
use Aws\S3\SnsClient;
$params = array(
'credentials' => array(
'key' => AWS_ACCESS_KEY,
'secret' => AWS_SECRET_KEY,
),
'region' => 'us-east-1',
'version' => 'latest'
);
$sns = new \Aws\Sns\SnsClient($params);
$result = $sns->publish([
'Message' => "Message here", // REQUIRED
"SMSType" => "Transactional",
'PhoneNumber' => "xxxx", // phone number with country code
'MessageStructure' => 'SMS'
]);
Please suggest.
what we are doing wrong?
Is it any server configuration required to send SMS? or
Do we need to create another ec2 instance with different AWS Region?
I am doing project in Laravel. For storing images I am using aws-s3. My project working very well on godaddy server but not on digital ocean server. I am getting error as,
Aws\Sqs\Exception\SqsException: Error executing "ReceiveMessage" on "https://sqs.us-east-1.amazonaws.com/your-account-id/your-queue-name"; AWS HTTP error: Client error: `POST https://sqs.us-east-1.amazonaws.com/your-account-id/your-queue-name` resulted in a `403 Forbidden` response:
<?xml version="1.0"?><ErrorResponse xmlns="http://queue.amazonaws.com/doc/2012-11-05/"><Error><Type>Sender</Type><Code>I (truncated...)
InvalidClientTokenId (client): The security token included in the request is invalid. - <?xml version="1.0"?><Err......
Here Is a code that I used for s3 setup in my project,
filesystem.php
's3' => [
'driver' => 's3',
'key' => '************',
'secret' => '***********',
'region' => 'ap-south-1',
'bucket' => 'xyz',
'options' => [
'ServerSideEncryption' => 'AES256',
]
]
.env
QUEUE_DRIVER=redis
I am getting this error irrespective of hitting any api. I don't know where I am going wrong. Thanks in advance.
Issue is documented under aws blog,
https://aws.amazon.com/premiumsupport/knowledge-center/security-token-expired/
Please check your credentials and appropriate roles / Policies attaches to roles to access S3.
I am attempting to connect to a DynamoDB hosted on aws using php.
I am currently getting the following error:
Fatal error: Uncaught exception 'Aws\Exception\CredentialsException'
with message 'Error retrieving credentials from the instance profile
metadata server. (cURL error 28: Connection timed out after 1000
milliseconds (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html))' in
C:\wamp\www\Aws\Credentials\InstanceProfileProvider.php on line 79
I've taken this to mean there are issues with my client credentials which I need to use the sdk. My credentials are coded as follows:
$client = new DynamoDbClient([
'profile' => 'my profile',
'region' => 'us-west-2',
'version' => 'latest',
'credentials' => [
'key' => 'my key',
'secret' => 'my secret key',
]
]);
From what I've seen this error usually means there is a problem with the way the credentials are formatted, but as far as I can tell I don't have that issue. I'm currently trying to run this program locally using wamp. I'm not sure what the problem is.
Please try below steps and check if it work correctly :
1) Download aws php sdk here.
2) Unzip and require autoloader.php and use dynamodb client.
require_once 'PATH/TO/aws-autoloader.php';
use Aws\DynamoDb\DynamoDbClient;
3) initiate dynamo db client
try
{
$aws = DynamoDbClient::factory(array(
'key' => $aws_key,
'secret' => $aws_access_key,
'region' => $aws_region
));
echo "Client initiated";
}
catch(Exception $e)
{
echo "Db Client initiation failed ".$e->getMessage();
}
4) Check this for api's
I am trying to configure the the amazon cloud front, I have successfully created clouldflayer url and access private s3 bucket from it via console. Now I am trying to do it by php-sdk for that I have tried following code
use Aws\CloudFront\CloudFrontClient;
$cle = new CloudFrontClient([
'version' => 'latest',
'region' => 'us-west-2',
'credentials.ini' => [
'key' => 'credentials\pk-myKey.pem',
'secret' => 'secret',
],
]);
$result = $cle->getCloudFrontOriginAccessIdentity([
'Id' => '****', // REQUIRED
]);
print_r($result);
but I am getting error
Fatal error: Uncaught exception 'Aws\CloudFront\Exception\CloudFrontException' with message 'Error executing "GetCloudFrontOriginAccessIdentity" on "https://cloudfront.amazonaws.com/2015-04-17/origin-access-identity/cloudfront/SDF345G";
AWS HTTP error: Client error: 403 SignatureDoesNotMatch (client): Credential should be scoped to a valid region, not 'us-west-2'. -
and I have tried all reason one by one but its not working
Credential should be scoped to a valid region, not 'us-west-2'.
Unlike most of AWS, CloudFront is not a regional service, it's a global one, configured and managed through us-east-1, regardless of the region where any of the related services (S3, EC2, etc.) are deployed.
'region' => 'us-east-1',