Error retrieving credentials from the instance profile metadata server. Laravel S3

Question

Issue

The same code, on almost identical servers, fails locally and on production, however works on our staging server. When we attempt to interact with an item in a bucket, we get an Error retrieving credentials.... - Both servers, staging and production, are deployed by Envoyer and provisioned by Forge to AWS EC2 instances. - Both instances hit the same bucket with the same bucket policy. - .env settings are same for all, minus the server name and debugging

Error on production:

Aws\Exception\CredentialsException
Error retrieving credentials from the instance profile metadata server. (cURL error 28: Connection timed out after 1003 milliseconds (see http://curl.haxx.se/libcurl/c/libcurl-errors.html))

Server settings

Staging

• Ubuntu 16.04.2 LTS on AWS
• PHP 7.1.3-3
• NPM 3.10.10
• Node v6.10.1

Production

• Ubuntu 16.04.1 LTS on AWS EC2
• PHP 7.1.6-1
• npm 3.10.10
• Node v6.10.1

Composer.json packages

"laravel/framework": "5.4.*",       // 5.4.25
"aws/aws-sdk-php-laravel": "~3.0",  // 3.1.0
"guzzlehttp/guzzle": "~6.0",        // 6.2.3

Code sample

function getPhoto($personID)
{
   $contents   = '';
   $id         = $personID;
   $cloudFront = env('AWS_CLOUDFRONT_PHOTO'); // d212rosgvhtylp.cloudfront.net
   $fileKey    = filePath($id) . '_t.jpg'; // 9ae299a1990e79d62f07c28bb60ecf6f_t.jpg
   $fileURL    = $cloudFront . '/' . filePath($id) . '_t.jpg'; // d212rosgvhtylp.cloudfront.net/9ae299a1990e79d62f07c28bb60ecf6f_t.jpg
   // check if in remote storage then get contents
   $contents = Storage::disk('s3photo')->get($fileKey); /* ****** FAILS HERE ****** */
   // stream bioPhoto
   header('Content-Type: image/jpeg');
  echo $contents;
}

Answer 1

I encountered this issue after I accedentially had entered the AWS_ACCESS_KEY_ID in the .env file twice.

.env:

AWS_ACCESS_KEY_ID=MYREALID
AWS_SECRET_ACCESS_KEY=myrealkey

...
...a lot of variables..
...

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=

The AWS sdk therefor tries to search for these credentials elsewhere, at that's have the error occures.

Answer 2

This issue may occur if you are passing the wrong ENV variables, check your config/filesystems.php:

'key'    => env('AWS_ACCESS_KEY_ID'),
'secret' => env('AWS_SECRET_ACCESS_KEY'),
'region' => env('AWS_DEFAULT_REGION'),
'bucket' => env('AWS_BUCKET'),
'url'    => env('AWS_URL'),    

See: https://github.com/laravel/laravel/blob/master/config/filesystems.php#L60

And make sure the keys are matching in your .env.

Pretty sure they changed the name in the last couple updates.

Answer 3

After ensuring your .env files contain the correct values for the AWS client, run the following command:

php artisan config:clear

This should clear up your issue if it is caused by initially having incorrect or missing env data, not sure when the cache is updated on it's own but the config cache seems to be pretty persistent.

Answer 4

I recently had this problem. In my case, it worked locally and not on the EC2 instance. I did not understand too much. In the end I realized that I had set up IAM locally in the default folder ~/.aws/credentials, so in local everything was good. So I poked in the laravel sources and I noticed that laravel was going to take the connection configs in the file services.php config folder.

Edit config/services.php and put in the AWS IAM keys.

'mailgun' => [
    'domain' => env('MAILGUN_DOMAIN'),
    'secret' => env('MAILGUN_SECRET'),
],

'ses' => [
    'key' => env('AWS_KEY'),
    'secret' => env('AWS_SECRET'),
    'region' => env('AWS_REGION'),
],

'sparkpost' => [
    'secret' => env('SPARKPOST_SECRET'),
],

'stripe' => [
    'model' => App\User::class,
    'key' => env('STRIPE_KEY'),
    'secret' => env('STRIPE_SECRET'),
],

So I saw that my .env file did not have the AWS IAM login keys, those called in the config /services.php file.

After a small adjustment everything works great.