- 最新
- 最多得票
- 最多評論
Probably one of your calls (SES) is working using temporary credentials from instance profile and not the hardcoded credentials? To narrow down this you can try to run some commands using those credentials from local CLI to see if they are accepted or no. BTW it's a good practice to use temp credentials from instance profile instead of putting credentials inside your code, so probably you can re-write your app to use that (if you use AWS PHP SDK that is very simple).
For sure there is something wrong with the credentials. Please check this article.
It's hard to tell more without seeing the code, but it looks like there is something different in access keys for SES and SQS. I think you should debug it and check if it's properly passed to the SQS client.
Thank you for your response. I dumped the Credentials object following the 'set_region' call for both the SQS and SES routines. They appeared identical. Interesting that the SQS & SES return different values for api version and auth class. SQS api_version:2011-10-01 SQS auth_class:AuthV2Query SQS credentials: [default_cache_config] => [certificate_authority] =>false [key] => AKIAblahblah [secret] => blahblah
SES api_version:2010-12-01 SES auth_class:AuthV4Query SES credentials: [default_cache_config] => [certificate_authority] =>false [key] => AKIAblahblahblah [secret] => blahblah
相關內容
- AWS 官方已更新 3 年前
- AWS 官方已更新 2 年前
- AWS 官方已更新 7 個月前
Thank you for your response. I dumped the Credentials object following the 'set_region' call for both the SQS and SES routines. It appears they are both using keyid , not the temp credentials. Only using hardcoded creds for this POC, will use more secure method later. SQS api_version:2011-10-01 SQS auth_class:AuthV2Query SQS credentials: default_cache_config => certificate_authority =>false key => AKIAblahblah secret => blahblah
SES api_version:2010-12-01 SES auth_class:AuthV4Query SES credentials: default_cache_config => certificate_authority =>false key => AKIAblahblah secret => blahblah
I agree with using temp credentials from instance profile. Tried it briefly, but got this error: "No credentials were provided. The SDK attempted to retrieve Instance Profile credentials from the EC2 Instance Metadata Service, but failed to do so. Instance profile credentials are only accessible on EC2 instances configured with a specific IAM role."
I have the Elasticbeanstalk environment set to: IAM instance profile: aws-elasticbeanstalk-ec2-role Service role: arn:aws:iam::111112345678:role/aws-elasticbeanstalk-service-role