AWS IAM role auth instead of IAM credentials
Closed this issue · 2 comments
Hello, thanks for the library, works like a charm.
I have an ecs container with laravel.
Attached a role with dynamodb permissions I need, but looks like the library requires static AWS credentals and can't use IAM role.
Logs:
previous exception] [object] (GuzzleHttp\\Exception\\ClientException(code: 400): Client error: `POST https://dynamodb.eu-central-1.amazonaws.com` resulted in a `400 Bad Request` response:
{\"__type\":\"com.amazon.coral.service#UnrecognizedClientException\",\"message\":\"The security token included in the request i (truncated...)
File: config/database.php
'dynamodb' => [
'driver' => 'dynamodb',
'key' => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
'token' => env('AWS_SESSION_TOKEN', null),
'endpoint' => env('DYNAMODB_ENDPOINT', null),
'prefix' => env('DYNAMO_SUFFIX', ''),
],
aws environment variables
env | grep AWS
AWS_DEFAULT_REGION=eu-central-1
AWS_REGION=eu-central-1
aws cli command to get dynamodb access
aws dynamodb scan --table-name products
{
"Items": [
{
.....
Could you let me know, maybe I use it incorrectly. Didn't find anything about this issue in the documentation. Thanks
@RealArtemiy
Hi, thanks for trying out this library!
Could you please see what happens if you remove the AWS_ACCESS_KEY
and AWS_SECRET_ACCESS_KEY
from your .env
file? Instead of just clearing the values, you might need to completely delete the entries.
While your situation may differ, I sometimes connect locally using AWS SSO. In these instances, I add the AWS_PROFILE
above the others. If the AWS_ACCESS_KEY
and AWS_SECRET_ACCESS_KEY
are not present, the AWS SDK automatically tries other authentication methods. For me, it checks the ~/.aws
directory.
Thanks for your answer, you're right, we missed to remove empty AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY parameters from .env