setting up cloudfront with php sdk - php

I am trying to configure Amazon CloudFront. I have successfully created a CloudFront URL and accessed a private S3 bucket through it via the console. Now I am trying to do it with the PHP SDK, and for that I have tried the following code:
use Aws\CloudFront\CloudFrontClient;

$cle = new CloudFrontClient([
    'version' => 'latest',
    'region' => 'us-west-2',
    'credentials.ini' => [
        'key' => 'credentials\pk-myKey.pem',
        'secret' => 'secret',
    ],
]);
$result = $cle->getCloudFrontOriginAccessIdentity([
    'Id' => '****', // REQUIRED
]);
print_r($result);
but I am getting this error:
Fatal error: Uncaught exception 'Aws\CloudFront\Exception\CloudFrontException' with message 'Error executing "GetCloudFrontOriginAccessIdentity" on "https://cloudfront.amazonaws.com/2015-04-17/origin-access-identity/cloudfront/SDF345G";
AWS HTTP error: Client error: 403 SignatureDoesNotMatch (client): Credential should be scoped to a valid region, not 'us-west-2'. -
and I have tried all the reasons one by one but it's not working.

Credential should be scoped to a valid region, not 'us-west-2'.
Unlike most of AWS, CloudFront is not a regional service, it's a global one, configured and managed through us-east-1, regardless of the region where any of the related services (S3, EC2, etc.) are deployed.
'region' => 'us-east-1',

Related

MissingAuthenticationTokenException ("Missing Authentication Token") from CognitoIdentityProviderClient::adminCreateUser()

I have a working implementation of the AWS PHP SDK. Operations like $client->getUser() are working, but $client->adminCreateUser() and others are not working.
When I call $client->adminCreateUser([...]), it results in:
Error executing "AdminCreateUser" on "https://cognito-idp.ap-southeast-2.amazonaws.com"; AWS HTTP error: Client error: `POST https://cognito-idp.ap-southeast-2.amazonaws.com` resulted in a `400 Bad Request` response:
{"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
MissingAuthenticationTokenException (client): Missing Authentication Token - {"__type":"MissingAuthenticationTokenException","message":"Missing Authentication Token"}
Line 191 in /var/www/project/vendor/aws/aws-sdk-php/src/WrappedHttpHandler.php
Similar services invoked from the CLI (e.g. cognito-idp admin-create-user) with the exact same credentials are working.
What is causing this?
Example Details
My environment:
Ubuntu 18.04
Apache 2.4.29
PHP 7.3
aws/aws-sdk-php 3.92.3
.aws/credentials
[default]
aws_access_key_id=XXXX
aws_secret_access_key=XXXX
I am using my developer credentials
Example code:
$client = new CognitoIdentityProviderClient([
    'version' => 'latest',
    'region' => 'ap-southeast-2',
    'credentials' => false, // Set to false to allow roles provisioned to our EC2 instances
]);
$result = $client->adminCreateUser([
    'DesiredDeliveryMediums' => ['Email'],
    'MessageAction' => 'RESEND',
    'TemporaryPassword' => 'TemporaryPassword1234',
    'UserAttributes' => [
        ['Name' => 'email', 'Value' => 'mailbox#domain.tld'],
    ],
    'UserPoolId' => 'ap-southeast-2_XXXX',
    'Username' => 'mailbox#domain.tld',
]);
You need to remove 'credentials' => false from your CognitoIdentityProviderClient configuration.
The adminCreateUser() operation requires a signed request (unlike operations like signUp(), which is why signUp() would work with an unsigned request but adminCreateUser() and other operations that require developer credentials won't).
From the AWS Docs
https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-cognito-idp-2016-04-18.html#admincreateuser says
AdminCreateUser requires developer credentials.
https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_configuration.html#credentials says
Pass false to use null credentials and not sign requests.
A request needs to be signed to provide developer credentials.

Cannot pull SQS message from my EC2 instance

When I deploy my application to an EC2 instance, it fails to fetch messages from my SQS queue and instead throws an exception with the status code 403 Forbidden, access to the resource {sqs queue} is denied. However, when I run the same code from my local environment my application can fetch messages from the SQS queue.
My application uses the Symfony framework and passes pre-configured AWS credentials, for a user who has access to this queue, from the parameters.yml into \Aws\Sqs\SqsClient().
If on the EC2 instance I run aws configure and configure the AWS CLI with the same credentials, the application can pull messages from the SQS queue. I am concerned here because it is like the AWS SDK is overriding the credentials I pass it.
As an example, the following code, even with hard-coded parameters which I have checked are valid credentials, returns a 403 when run on an EC2 instance.
$sqs = new \Aws\Sqs\SqsClient([
    [
        'key' => '{my key}',
        'secret' => '{my secret}'
    ],
    'region' => 'us-east-1',
    'version' => 'latest'
]);
$response = $sqs->receiveMessage([
    'QueueUrl' => 'https://sqs.us-east-1.amazonaws.com/{my account}/{my queue}'
]);
Does anyone have any suggestions about what may be happening here?
Try with credentials key in config.
$sqs = new \Aws\Sqs\SqsClient([
    'credentials' => [
        'key' => '{my key}',
        'secret' => '{my secret}',
    ],
    'region' => 'us-east-1',
    'version' => 'latest'
]);
$response = $sqs->receiveMessage([
    'QueueUrl' => 'https://sqs.us-east-1.amazonaws.com/{my account}/{my queue}'
]);
This might help you to debug your issue.
1) Run aws sqs list-queues on the command line. If your queue is not listed in the result set, that means your AWS key doesn't have permission.
2) Run aws sqs receive-message --queue-url <queue_url> where queue_url is your queue's complete URL received from step 1. You should see all your messages in the queue.
If there are no errors in both of the above steps, there might be an issue on your application end.
It's a bad practice to store AWS credentials in EC2 instances. It's much better to create an IAM role with sqs:receiveMessage permission, then attach that IAM role to your EC2 instance.

Client credentials not retrieved when attempting to use aws php sdk

I am attempting to connect to a DynamoDB hosted on aws using php.
I am currently getting the following error:
Fatal error: Uncaught exception 'Aws\Exception\CredentialsException'
with message 'Error retrieving credentials from the instance profile
metadata server. (cURL error 28: Connection timed out after 1000
milliseconds (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html))' in
C:\wamp\www\Aws\Credentials\InstanceProfileProvider.php on line 79
I've taken this to mean there are issues with my client credentials which I need to use the sdk. My credentials are coded as follows:
$client = new DynamoDbClient([
    'profile' => 'my profile',
    'region' => 'us-west-2',
    'version' => 'latest',
    'credentials' => [
        'key' => 'my key',
        'secret' => 'my secret key',
    ]
]);
From what I've seen this error usually means there is a problem with the way the credentials are formatted, but as far as I can tell I don't have that issue. I'm currently trying to run this program locally using wamp. I'm not sure what the problem is.
Please try the steps below and check whether it works correctly:
1) Download aws php sdk here.
2) Unzip and require autoloader.php and use dynamodb client.
require_once 'PATH/TO/aws-autoloader.php';
use Aws\DynamoDb\DynamoDbClient;
3) initiate dynamo db client
try
{
    $aws = DynamoDbClient::factory(array(
        'key' => $aws_key,
        'secret' => $aws_access_key,
        'region' => $aws_region
    ));
    echo "Client initiated";
}
catch(Exception $e)
{
    echo "Db Client initiation failed ".$e->getMessage();
}
4) Check this for api's

AWS SQS Invalid token when connecting with PHP, but ok with Python

I'm having a very peculiar issue with trying to connect to AWS SQS. When running this PHP code:
$client = SqsClient::factory(array(
    'credentials' => [
        'key' => 'somekey',
        'secret' => 'somesecret'
    ],
    'region' => 'eu-west-1',
    'version' => 'latest'
));
$result = $client->receiveMessage(array(
    'QueueUrl' => $queueUrl,
));
I'm getting this error:
PHP Fatal error: Uncaught exception 'Aws\Sqs\Exception\SqsException' with message 'Error executing "ReceiveMessage" on "https://sqs.eu-west-1.amazonaws.com/189729872213/my-very-special-queue"; AWS HTTP error: Client error: 403 InvalidClientTokenId (client): This account is suspended - <?xml version="1.0"?><ErrorResponse xmlns="http://queue.amazonaws.com/doc/2012-11-05/"><Error><Type>Sender</Type><Code>InvalidClientTokenId</Code><Message>This account is suspended</Message><Detail/></Error><RequestId>aaf63243-6840-5b49-893a-7d66919c07da</RequestId></ErrorResponse>'
But when I'm using boto (the Python equivalent of AWS PHP SDK) with the same credentials on the same machine it works fine! And the account is opened as expected, and I can access all the queues that are associated with it.
How can I make the PHP code work? What should I be checking?

Amazon SES version field

I've migrated servers and updated the AWS phar; however, once I'd done that I started getting the following error:
Fatal error: Uncaught exception 'InvalidArgumentException' with message 'Missing required client configuration options: version: (string) A "version" configuration value is required. Specifying a version constraint ensures that your code will not be affected by a breaking change made to the service. For example, when using Amazon S3, you can lock your API version to "2006-03-01". Your build of the SDK has the following version(s) of "email": * "2010-12-01" You may provide "latest" to the "version" configuration value to utilize the most recent available API version that your client's API provider can find. Note: Using 'latest' in a production application is not recommended. A list of available API versions can be found on each client's API documentation page: http://docs.aws.amazon.com/aws-sdk-php/v3/api/index.html. If you are unable to load a specific API version, then you may need to update your copy of the SDK.' in phar:////includes/3rdparty/aws/aws.phar/Aws/ in phar:////includes/3rdparty/aws/aws.phar/Aws/ClientResolver.php on line 328
I've tried adding it via different methods and looking into the actual documentation without any luck.
Here's my code right now:
$client = SesClient::factory(array(
    'user' => 'uuuuu',
    'key' => 'aaaaa',
    'secret' => 'bbbb',
    'region' => 'us-east-1',
));
$client->version("2010-12-01");
//Now that you have the client ready, you can build the message
$msg = array();
//more code after this...
Any help would be appreciated!
Apparently, the 'version' field is mandatory now, so you must pass it to the factory.
Source: http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/migration.html
// Instantiate the client with your AWS credentials
$client = SqsClient::factory(array(
    'credentials' => $credentials,
    'region' => 'us-east-1',
    'version' => '2012-11-05'
));
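
The CloudFront, Cognito, SQS and SES threads above each fail because of how the client configuration array is shaped, so the following added example (not code from any of the posts or from the AWS SDK) lints a config array offline for those mistakes. The helper name lintAwsClientConfig() and the sample values are hypothetical, and it assumes AWS SDK for PHP v3 semantics, where static keys are read only from the 'credentials' option.

```php
<?php
// Added example: offline lint of an AWS SDK for PHP v3 client config array.
// lintAwsClientConfig() is a hypothetical helper, not an SDK function.
function lintAwsClientConfig(string $service, array $config): array
{
    $findings = [];
    $hasKeys = fn($v) => is_array($v) && (isset($v['key']) || isset($v['secret']));

    // v3 reads static keys only from 'credentials' => ['key' => ..., 'secret' => ...].
    foreach ($config as $name => $value) {
        if ($name !== 'credentials' && $hasKeys($value)) {
            $findings[] = "key/secret nested under '" . $name . "' is ignored; the default "
                . "provider chain (env, ini file, instance profile) signs the request instead";
        }
    }
    if (isset($config['key']) || isset($config['secret'])) {
        $findings[] = "top-level 'key'/'secret' is SDK v2 style and is ignored by v3";
    }
    if (array_key_exists('credentials', $config) && $config['credentials'] === false) {
        $findings[] = "'credentials' => false sends unsigned requests; operations that "
            . "require developer credentials (e.g. AdminCreateUser) are rejected";
    }
    if (!isset($config['version'])) {
        $findings[] = "'version' is missing; the SDK build quoted on this page requires it";
    }
    if (strtolower($service) === 'cloudfront' && ($config['region'] ?? null) !== 'us-east-1') {
        $findings[] = "CloudFront is global; requests must be signed for 'us-east-1'";
    }
    return $findings;
}

// Constructed sample configs mirroring the mistakes discussed on this page.
$samples = [
    'cloudfront'  => ['version' => 'latest', 'region' => 'us-west-2',
                      'credentials.ini' => ['key' => 'EXAMPLEKEY', 'secret' => 'EXAMPLESECRET']],
    'cognito-idp' => ['version' => 'latest', 'region' => 'ap-southeast-2', 'credentials' => false],
    'sqs'         => [['key' => 'EXAMPLEKEY', 'secret' => 'EXAMPLESECRET'],
                      'region' => 'us-east-1', 'version' => 'latest'],
    'ses'         => ['key' => 'EXAMPLEKEY', 'secret' => 'EXAMPLESECRET', 'region' => 'us-east-1'],
];
foreach ($samples as $service => $config) {
    echo $service, PHP_EOL;
    foreach (lintAwsClientConfig($service, $config) as $finding) {
        echo '  - ', $finding, PHP_EOL;
    }
}
```

A config that passes with no findings and no 'credentials' entry at all is the shape to use with an IAM role attached to the EC2 instance, as the SQS answer recommends.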
