I am creating EC2 Instances using AWS PHP SDK. When I try to create an instance in Frankfurt region the API gives me authentication error as this region supports v4 signature service.
When I try to provide 'signature' => 'v4' parameters to client factory method, I get this error
Fatal error: Call to a member function signRequest() on a non-object in \Aws\Common\Signature\SignatureListener.php on line 78
Any suggestions on what's the correct method to use signature v4. Currently I'm using this code.
Aws::factory(array(
'key' => $this->key,
'secret' => $this->secret,
'region' => $region,
'signature' => 'v4')
)->get($service, true);
Finally got it to work, basically we have to provide an Aws\Common\Signature\SignatureV4 Instance in the client factory.
'signature' => new SignatureV4()
Related
I am using the AWS facade for Laravel and I can instantiate a CloudSearchDomainClient object like this:
$c = AWS::createClient('cloudsearchdomain', ['endpoint' => '{our-endpoint}']);
But when I attempt to search like so:
$c->search(['query' => 'test']);
I get this error: Aws\CloudSearchDomain\Exception\CloudSearchDomainException with message 'Error executing "Search" on "2013-01-01/search"; AWS HTTP error: cURL error 6: Could not resolve host: 2013-01-01
It thinks the version is the endpoint.
I have the proper .env vars, eg. AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION. I am able to use other AWS services, but CloudSearch specifically is a problem. What am I doing incorrectly?
I think you are mixing two things. An endpoint is a domain and api version is a date. So it should be more like this:
$c = AWS::createClient(
'cloudsearchdomain',
[
'endpoint' => 'https://example.com',
'apiVersion' => '2013-01-01',
]
);
I'm connecting to Amazon SES via this php-code
$ses = new SesClient([
'credentials' => [
'key' => KEY,
'secret' => SECRET_KEY,
],
'region' => REGION,
'version' => SES_VERSION,
]);
How can I recognize here, whether constants KEY and SECRET_KEY are valid or invalid (such as wrong, inputed with typos and so on) ?
Is there any method in AWS SDK to verify it ?
I use the Python call get_user(). With no arguments, this call will return the user name based on the access key ID. This validates that the credentials are correct. This technique is not bulletproof, but does provide a simple, quick method. You can test this concept with the CLI aws iam get-user.
Python IAM get_user()
How can an item in S3 be updated with 'public-read' using the new AWS S3 PHP SDK: It would seem it is only possible to GET and PUT? http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.S3.S3Client.html
The iterator returns an array, not a class. Get object returns a class, but there are no obvious methods to update. CopyObject seems a bit of a hack?
$s3->copyObject(array(
'Bucket' => 'media',
'Key' => $k,
'CopySource' => 'media'.'/'.$k,
'ACL' => 'public-read',
));
returns:
PHP Fatal error: Uncaught Aws\S3\Exception\InvalidRequestException: AWS Error Code: InvalidRequest, Status Code: 400, AWS Request ID: FC630F89A049823A, AWS Error Type: client, AWS Error Message: This copy request is illegal because it is trying to copy an object to itself without changing the object's metadata, storage class, website redirect location or encryption attributes., User-Agent: aws-sdk-php2/2.5.3 Guzzle/3.8.1 curl/7.35.0 PHP/5.5.9-1ubuntu4.4 thrown in /.../vendor/aws/aws-sdk-php/src/Aws/Common/Exception/NamespaceExceptionFactory.php on line 91
Better late than never.
$s3Client->putObjectAcl(array(
'Bucket' => 'yourbucket',
'Key' => 'yourkey',
'ACL' => 'public-read'
));
I have created an ec2 client using the method mentioned in the AWS docs. I am using the aws.phar file for the SDK. The ec2 client is created properly because when I var_dump the client, it returns the Ec2Client object. But when I attempt to access the describeInstanceStatus from the ec2 client it throws a You are not authorized to perform this operation. exception. This is my code.
use Aws\Ec2\Ec2Client;
require 'aws.phar';
$ec2Client = Ec2Client::factory(array(
'key' => '<aws access key>',
'secret' => '<aws secret key>',
'region' => 'us-east-1'
));
try{
$ec2Client->describeInstanceStatus(array(
'DryRun' => false,
'InstanceIds' => array('InstanceId'),
'Filters' => array(
array(
'Name' => 'availability-zone',
'Values' => array('us-east-1'),
),
),
'MaxResults' => 10,
'IncludeAllInstances' => false,
));}
catch(Exception $e){
echo $e->getMessage();
}
Please tell me where am I getting this wrong. I've tried googling it, looked in the AWS forums but to no result. Thank you.
The error is coming from the Access that you have been granted/denied via AWS IAM.
The user, whose access/secret keys you are using in the code, does not have privilege to describe instances. This privilege is configured in the IAM policy which is applied to this user.
There is nothing wrong with your code. You need to look into the IAM policy about what all privileges are granted/denied to this user.
I want to access the AWS SES Webservice to programmatically add new verified Email identities. The API reference does not give the relevant information or at least I can't find it there.
When I try to access the api I get an error due to the missing signature.
https://email.us-east-1.amazonaws.com?AWSAccessKeyId=EXAMPLEKeyId&Action=VerifyEmailIdentity&EmailAddress=someone#somewhere.org&Timestamp=2013-04-27T19:30:00Z&Version=2010-12-01&Signature=
How do I create this signature exactly, for example using php's hash_hmac()?
Do I need to hash the entire parameters using the SES secret key?
Is there a newer version of the SES API than the one documented (2010-12-01)?
You should really go through the documentation (again).
Take a look at the AWS PHP SDK which would help you a lot.
A sample implementation would be something like:
<?php
require 'aws.phar';
use Aws\Common\Enum\Region;
use Aws\Ses\SesClient;
try {
$ses = SesClient::factory(array(
'key' => 'YOUR_KEY',
'secret' => 'YOUR_SECRET',
'region' => Region::US_EAST_1
));
$ses->verifyEmailIdentity( array(
'EmailAddress' => 'the_mail_adress_to_verify#example.com'
));
}
catch( Exception $e )
{
echo $e->getMessage();
}