kitar / laravel-dynamodb

A DynamoDB based Eloquent model and Query builder for Laravel.
MIT License

AWS IAM role auth instead of IAM credentials #42

Closed tokarev-artem closed 7 months ago

tokarev-artem commented 7 months ago

Hello, thanks for the library, it works like a charm. I have an ECS container with Laravel. I attached a role with the DynamoDB permissions I need, but it looks like the library requires static AWS credentials and can't use the IAM role.

Logs:

    previous exception] [object] (GuzzleHttp\\Exception\\ClientException(code: 400): Client error: `POST https://dynamodb.eu-central-1.amazonaws.com` resulted in a `400 Bad Request` response:
    {\"__type\":\"com.amazon.coral.service#UnrecognizedClientException\",\"message\":\"The security token included in the request i (truncated...)

File: config/database.php

        'dynamodb' => [
            'driver' => 'dynamodb',
            'key' => env('AWS_ACCESS_KEY_ID'),
            'secret' => env('AWS_SECRET_ACCESS_KEY'),
            'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
            'token' => env('AWS_SESSION_TOKEN', null),
            'endpoint' => env('DYNAMODB_ENDPOINT', null),
            'prefix' => env('DYNAMO_SUFFIX', ''),
        ],

AWS environment variables:

    env | grep AWS
    AWS_DEFAULT_REGION=eu-central-1
    AWS_REGION=eu-central-1

AWS CLI command to get DynamoDB access:

    aws dynamodb scan --table-name products
    {
        "Items": [
            {
    .....

Could you let me know if maybe I am using it incorrectly? I didn't find anything about this issue in the documentation. Thanks.

kitar commented 7 months ago

@RealArtemiy Hi, thanks for trying out this library!

Could you please see what happens if you remove the AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY from your .env file? Instead of just clearing the values, you might need to completely delete the entries.

While your situation may differ, I sometimes connect locally using AWS SSO. In these instances, I add the AWS_PROFILE above the others. If the AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY are not present, the AWS SDK automatically tries other authentication methods. For me, it checks the ~/.aws directory.

tokarev-artem commented 7 months ago

Thanks for your answer, you're right, we forgot to remove the empty AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY parameters from .env.
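
A preflight check for the cause this thread ends on, as an added example that is not part of the thread or of laravel-dynamodb: it lists AWS credential entries that are present but empty in a .env file or in the process environment. The function names and the sample .env are constructed for illustration; the variable names are the ones that appear in the thread.

```shell
# Variable names as they appear in the thread and its config/database.php.
CRED_VARS="AWS_ACCESS_KEY_ID AWS_ACCESS_KEY AWS_SECRET_ACCESS_KEY"

# Constructed sample .env (not from the thread): three ways an entry can be
# present but empty, plus a commented-out entry that must be ignored.
sample_env() {
    printf '%s\n' 'APP_ENV=production' 'AWS_ACCESS_KEY_ID=' \
        'export AWS_SECRET_ACCESS_KEY=""   # filled in by CI' \
        "AWS_ACCESS_KEY = ''" '# AWS_SESSION_TOKEN=' 'AWS_REGION=eu-central-1'
}

# Print each credential variable that the file "$1" defines with an empty value.
empty_creds_in_file() {
    [ -r "$1" ] || return 0
    awk -v names="$CRED_VARS" -v sq="'" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[ \t]*#/ { next }                          # whole-line comment
        {
            line = $0
            sub(/^[ \t]*(export[ \t]+)?/, "", line)  # optional "export " prefix
            eq = index(line, "="); if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/[ \t]+#.*$/, "", val)               # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (val == "\"\"" || val == (sq sq)) val = ""   # empty quotes
            if ((key in want) && val == "") print key
        }' "$1"
}

# Print each credential variable that is set but empty in the environment.
empty_creds_in_env() {
    for name in $CRED_VARS; do
        # ${VAR+x} expands to "x" when VAR is set, even to an empty string.
        eval "is_set=\${$name+x}; value=\${$name-}"
        if [ -n "$is_set" ] && [ -z "$value" ]; then echo "$name"; fi
    done
}

# Return 1 and list the offenders if any empty credential entry exists.
preflight() {
    found=$( { empty_creds_in_file "${1:-.env}"; empty_creds_in_env; } | sort -u )
    [ -z "$found" ] && return 0
    printf 'Empty credential entries, delete them:\n%s\n' "$found" >&2
    return 1
}

# Demo on the constructed sample; preflight fails for it by design.
demo=$(mktemp) && sample_env > "$demo"
preflight "$demo" || echo "preflight failed on the sample, as expected"; rm -f "$demo"
```

Calling `preflight /path/to/.env` from the container entrypoint makes a leftover empty entry fail at startup instead of surfacing later as an `UnrecognizedClientException`.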