Botocore not able to use credentials on EC2 instance



When running on a local machine, botocore (used via aioboto3 wrapper), is able to access the credentials I provide it via environment variables. However, when running the same code on an EC2 instance, it is unable to use AWS services.

The service it is using is AWS Kinesis Firehose. The IAM role attached to the EC2 instance has the permission "AmazonKinesisFirehoseFullAccess" attached to it. When running the code, the following botocore error is raised:

botocore.exceptions.NoCredentialsError: Unable to locate credentials

However, the IAM role is there:

$aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************.... iam-role
secret_key ****************.... iam-role
region us-east-1 config-file ~/.aws/config

And I can connect to Firehose using the CLIE:

$ aws firehose list-delivery-streams
"DeliveryStreamNames": [
"HasMoreDeliveryStreams": false

Setting the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY changes nothing.

Putting an access key and secret into the resource creation method directly changes the error to:

botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the PutRecord operation: The security token included in the request is invalid.

Which is a strange error, because the keymaterial provided has administrative access.

I would have thought this an issue with the library but again, none of this is an issue when running the code outside of an EC2.

If I run the code is run against S3 instead of Firehose on EC2, this is not an issue.

asked 2 years ago799 views
1 Answer

if you are able to run the cli on the same box on which the python script it being run and it works, you have your iam profile setup correctly (assuming you don't have an ~/.aws/credentials file in there.

I assume this is not a container?

If not, then this is an issue likely with your code. Can you share the relevant part of your python code, as well as the python code for s3 that is working?

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions