i am getting the below error while creating an instance in AWS through eclipse.
exception in thread "main" com.amazonaws.AmazonClientException: Unable to load AWS credentials from any provider in the chain
at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:117)
at com.amazonaws.services.opsworks.AWSOpsWorksClient.invoke(AWSOpsWorksClient.java:3574)
at com.amazonaws.services.opsworks.AWSOpsWorksClient.createInstance(AWSOpsWorksClient.java:2098)
at AwsConsoleApp.main(AwsConsoleApp.java:154)
my code reads:
String az=new String("ec2.us-east-1.amazonaws.com");
cir.setAvailabilityZone(az);
String ami_id=new String("ami-864d84ee");
cir.setAmiId(ami_id);
CreateInstanceResult cr=awoc.createInstance(cir);
please hep me on this.
Looks like you need to provide your credentials to access your AWS account:
http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/credentials.html
Related
I am trying to get AWS Sagemaker to run locally. I found this jupyter notebook
https://gitlab.com/juliensimon/aim410/-/blob/master/local_training.ipynb
I logged into AWS via saml2aws and hence have valid credentials, entered my specific region as well as the Sagemaker Execution Role ARN and specify below the specific image I want to pull.
However when starting the .fit() i getthe following ClientError:
ClientError: An error occurred (InvalidClientTokenId) when calling the GetCallerIdentity operation: The security token included in the request is invalid.
Can someone give my a hint or suggestion how to solve this issue?
Thanks!
Try to verify your AWS credentials are setup properly, bypassing Boto3, by running a cell with something like:
!aws sagemaker list-endpoints
If this fails, then your AWS CLI credentials aren't setup correctly, or your saml2aws process, or your role has no SageMaker permissions.
I'm running Spark 2.4 on an EC2 instance. I am assuming an IAM role and setting the key/secret key/token in the sparkSession.sparkContext.hadoopConfiguration, along with the credentials provider as "org.apache.hadoop.fs.s3a.TemporaryAWSCredentialsProvider".
When I try to read a dataset from s3 (using s3a, which is also set in the hadoop config), I get an error that says
com.amazonaws.services.s3.model.AmazonS3Exception: Status Code: 403, AWS Service: Amazon S3, AWS Request ID: 7376FE009AD36330, AWS Error Code: null, AWS Error Message: Forbidden
read command:
val myData = sparkSession.read.parquet("s3a://myBucket/myKey")
I've repeatedly checked the S3 path and it's correct. My assumed IAM role has the right privileges on the S3 bucket. The only thing I can figure at this point is that spark has some sort of hidden credential chain ordering and even though I have set the credentials in the hadoop config, it is still grabbing credentials from somewhere else (my instance profile???). But I have no way to diagnose that.
Any help is appreciated. Happy to provide any more details.
spark-submit will pick up your env vars and set them as the fs.s3a access +secret + session key, overwriting any you've already set.
If you only want to use the IAM credentials, just set fs.s3a.aws.credentials.provider to com.amazonaws.auth.InstanceProfileCredentialsProvider; it'll be the only one used
Further Reading: Troubleshooting S3A
I am trying to integrate AWS PHP SDK for codeigniter
But its showing error as follows
An uncaught Exception was encountered
Type: Aws\Exception\CredentialsException
Message: Cannot read credentials from /.aws/credentials
Filename: /var/www/html/aws/Aws/Credentials/CredentialProvider.php
And on cli getting an error as
-bash: /root/.aws/credentials: Permission denied
So after this i have allowed permission ... cli error has gone but php error Cannot read credentials from /.aws/credentials still remain.
Please help to solve this issue.
Thanks!
If your are using IAM Role to EC2 Instance then there is no need of using following
'profile'=>'default',
i just remove above line which solved error "Cannot read credentials from /.aws/credentials"
Issue using an IAM role with PHP SDK
When running code on another AWS service, you do not work with key and secret, as you would on your local machine. Take a look at the answer I gave on another question.
Basically, your EC2 instance is assigned a service role. Then you would attach one or more IAM policies to that role. The IAM policies will determine what AWS resources and actions your EC2 instance can access.
In your PHP code you would instantiate your client using the CredentialProvider::defaultProvider(). If you were working with S3 for example, it would look like this.
$s3 = new S3Client([
'region' =>'us-east-1',
'credentials' => CredentialProvider::defaultProvider()
]);
When PHP is running under a service there is no "user". Therefore PHP will not attempt to access /root/.aws/credentials. If you review the error the path is /.aws/credentails.
To solve this problem create a new directory /.aws and copy the directory /root/.aws to /.aws
Improvement:
You have installed the PHP SDK inside your website root folder which makes these files accessible externally. SDKs should be installed outside of your website folders.
Below are the steps that I performed for setup :
Created a new windows server 2012 EC2 instance and then connected
with it using the remote desktop connection.
Installed EC2 config service which automatically installs
AmazonSSMAgent service.
Both EC2 and SSM services are running and in error logs, it is throwing some 'no chain provider exception' which is fine because I have not provided aws credentials yet.
Created a new IAM user and give him administrative policy access and
created three environment variables providing access_key,
secret_access_key and region_id.
Then I restarted AmazonSSMAgent service, then the exception changed to below exception:
status code: 400, request id: 400b4c75-eae2-11e7-a120-d33083d55d1f 2017-12-27 08:45:13 ERROR [HandleAwsError # awserr.go.48] [instanceID=i-084646fb32d8a7b6d] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AuthorizationFailureException:
Please suggest what i am doing wrong or any steps that i have missed or any other way to do this.
I have attached an EC2 role to the instance , to my EC2 instance and I am running my AWS JAVA SDK . When I am trying to load the credentials this way :
InstanceProfileCredentialsProvider instanceCred = new InstanceProfileCredentialsProvider();
I am getting the following error :
Exception in thread "main" com.amazonaws.AmazonClientException: Unable to load credentials.
at com.amazonaws.auth.InstanceProfileCredentialsProvider.loadCredentials(InstanceProfileCredentialsProvider.java:195)
at com.amazonaws.auth.InstanceProfileCredentialsProvider.getCredentials(InstanceProfileCredentialsProvider.java:124)
Can any suggest what I might be missing?
I was able to get around it by running the code from my EC2 instance and enhancing my code , here is the code :
String arn = "arn:aws:iam::"+accountnumber+":role/My-CrossAccount-CustomRole-ReadOnly";
InstanceProfileCredentialsProvider instanceCred = new InstanceProfileCredentialsProvider();
stscred = new STSAssumeRoleSessionCredentialsProvider(instanceCred.getCredentials(),arn,"123",clientConfiguration);
Make sure you have "sts:AssumeRole" in your role actions .