I have a web application that I have built and using AWS SDK PHP and currently I pull all of my credentials in from an external config file located from within /etc/aws/creds.php (returns a php array of param values). This works just fine with the default php.ini settings (being loose and open). As I begin locking things down I am struggling with this error:
PHP Fatal error: Uncaught exception 'Aws\Common\Exception InstanceProfileCredentialsException' with message 'Error retrieving credentials from the instance profile metadata server. When you are not running inside of Amazon EC2, you must provide your AWS access key ID and secret access key in the "key" and "secret" options when creating a client or provide an instantiated Aws\Common\Credentials CredentialsInterface object.
This gets picked up in /var/log/httpd/error_log. The documentation on AWS SDK API says I have to use an .aws/credentials file for the given user. Well my user is http (for apache) and its home directory is /srv/http/. I cannot effectively put the credentials in that file as it would be publicly available to anyone on my site.
The question I have is how do I change the location for this credentials file? I need to change the location to the credentials file just so I can resolve the error, just so I can tighten up php.ini display_errors = Off so my scripts will work properly and securely. (NOTE: I know that single php.ini change isn't the holy grail to security its just the one thing hanging up my ability to entirely lock down my php.ini config).
Aucun commentaire:
Enregistrer un commentaire