how do you use IAM roles

[RRcwhiting]

Describe the bug

In the readme it makes a quick reference to instance profiles & EC2's IMDS.

how do I use AWS environment variables to run Symfony as an AWS role?

is it still credentials: ~? is it unsupported?

Expected Behavior

I expect to be able to have the key and ID be blank and have the SDK work like every other AWS SDK.

Current Behavior

Cannot autowire service "App\Service\Aws": argument "$access_key" of method "__construct()" has no type-hint, you should configure its value explicitly.

Reproduction Steps

leave the AWS autowire/configuration sections blank.

Possible Solution

documentation updates, and a default method for when the config is blank to use the SDK's autoresolve.

Additional Information/Context

No response

SDK version used

3.187.3

Environment details (OS name and version, etc.)

Fedora Linux

[kaznovac]

Cannot autowire service "App\Service\Aws": argument "$access_key" of method "__construct()" has no type-hint, you should configure its value explicitly.

this is related to instantiation of your App\Services\Aws service not the AwsSdk bundle

please check the $access_key and set it in the services DI

[RRcwhiting]

so, the SDK standard is that you shouldn't need to set anything, and it will use the instance credentials instead. https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/hello.html (notice how they don't set the credentials when they make the new client)

I'm guessing that process is to set the credentials as null or ~, and there's a bug somewhere.

[kaznovac]

Yes, but please note that you need to leave out the credentials array entirely, otherwise it will try to use the given data (regardless of being null)

If you want to know more about the Credential load process you can start from this method: https://github.com/aws/aws-sdk-php/blob/881b76be0af3324655119799ed33f39adb799a12/src/Credentials/CredentialProvider.php#L55-L140

[yenfryherrerafeliz]

Hi @kaznovac, @RRcwhiting if you do not set any credentials then, the SDK will do the default resolution, which if running on ECS or EC2 will probably end up using either Aws\Credentials\CredentialProvider::ecs or Aws\Credentials\CredentialProvider::instanceProfile credential provider, so I am not sure what is the reported issue here. Can you please elaborate more so we can better assist you?

Thanks!

[RRcwhiting]

@yenfryherrerafeliz documentation clarification on the readme, I suppose.

[yenfryherrerafeliz]

@RRcwhiting, I understand now. Yeah, I agree. I will mark this issue with a needs-review label so we can further address this.

Thanks!

[RanVaknin]

Hi there,

I'm going through the correspondence here and It was difficult to boil down the ask for documentation. The credential providers that the AWS SDKs use should behave the same across all SDK languages. Because of this, the topic of credential providers are highly discussed and documented both in general AWS docs, and PHP specific documentation.

The aws-sdk-php-symfony repo is not unique in that it uses the PHP SDK for credential management. The PHP SDK's developer guide has a whole section about credential management and different scenarios. For your specific use case, it seems like this is the most appropriate bit of documentation: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_assume_role.html

Can you please review this and let me know if this helps unblock you, or I have misunderstood the ask?

Thanks, Ran~

[github-actions[bot]]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.