search

laravel-notification-channels / aws-sns

AWS SNS notification channel for Laravel
https://laravel-notification-channels.com/aws-sns
MIT License
50 stars 9 forks source link

Passing correct credentials to SNS #8

Closed mihan007 closed 4 years ago

mihan007 commented 4 years ago

At https://laravel-notification-channels.com/aws-sns/#setting-up-the-aws-sns-service the way to pass credentials to Amazon doesn't work as expected. If you pass credentials like show at documents then in real life Amazon won't use it but will use env params AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. We faced to it when were trying to use different users for S3 and SES and create another env variables for SNS like AWS_SNS_ACCESS_KEY_ID and AWS_SNS_SECRET_ACCESS_KEY. Sending sms was failing with error "Wrong credentials"

'sns' => [
        'key' => env('AWS_ACCESS_KEY_ID'),
        'secret' => env('AWS_SECRET_ACCESS_KEY'),
        'region' => env('AWS_DEFAULT_REGION', 'us-east-1'),
        'version' => 'latest',
    ],

Digging into AwsClient I found next way to pass credentials for SNS. And it works as expected

'sns' => [
        'credentials' => [
            'key' => env('AWS_SNS_ACCESS_KEY_ID'), //any env name here
            'secret' => env('AWS_SNS_SECRET_ACCESS_KEY'), //any env name here
        ],
        'region' => env('AWS_DEFAULT_REGION'),
        'version' => 'latest'
],

I would be happy to get feedback. I may did something wrong but I know that my way of providing credentials works at my current project. I hope it helps somebody who will face to the issue with different IAM users for different AWS services.

claudsonm commented 4 years ago

I didn't get it.

If you pass credentials like show at documents then in real life Amazon won't use it but will use env params AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

That's exactly the expected behavior. It will use the values from those variables, which match the same ones used by Laravel out of the box.

We faced to it when were trying to use different users for S3 and SES and create another env variables for SNS

Completely fine to have different key pairs for different services. We use the same variables that Laravel uses for convenience. But if you want to use another one it's ok. That's why we have the config/services.php file. If you want another one, just replace it in there.

When the AWS SNS Client is instantiated we pass the values from the config, as you can see here. I have a few applications in production and everything is fine, but I see one problem that might appear. If AWS change the implementation regarding the array accept in the constructor, we will have to do it as well. Probably because we are using the version as latest.

If possible, please provide the steps to reproduce in a clean Laravel installation so I can dig a bit more.

mihan007 commented 4 years ago

@claudsonm Hi! I'm sorry I just passed this project to the client and he've updated credentials. I don't know new ones. You may close it. I think if someone will face same issue we may reopen it any time.