Aws::Errors::MissingCredentialsError

[pablogmorales]

Hello,
I've been hitting my head against the wall for a while, I cannot authenticate using aws.config
I have the following.

Json file.
{
"AccessKeyId": "XXXXXXX",
"SecretAccessKey": "XXXXXXXXX"
}

require 'aws-sdk'
requite 'json'

sns = Aws::SNS::Resource.new(region: 'us-east-1')
topic = sns.topic('arn:aws:sns:us-east-1:xxxxxxxxxxx:Sensu-SMS')
creds = JSON.load(File.read('secrets.json'))
Aws.config[:credentials] = Aws::Credentials.new(creds['AccessKeyId'], creds['SecretAccessKey'])

puts Aws.config.inspect

topic.publish({
message: 'Hello From Sensu!'
})

Output from put, I do not see secretkey
{:credentials=>#<Aws::Credentials access_key_id="XXXXXXX">}

ruby 2.0.0p648 (2015-12-16) [x86_64-linux
aws-sdk (3.0.1)

I get the following error and the same happend if I embed the credential on the script itself like.
Aws.config.update({
credentials: Aws::Credentials.new('your_access_key_id', 'your_secret_access_key')
})

/usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/signature_v4.rb:72:in `sign_request': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError

I do not know if this is a bug or what else.
Any help appreciated.
Thanks
Regards

[srchase]

@pablogmorales

Have you referred to the Configuring the AWS SDK for Ruby documentation page?

This is the suggested way to read from a specific path (using the SharedCredentials format):

shared_creds = Aws::SharedCredentials.new(path: 'my_path')
Aws.config.update(credentials: shared_creds)

If you need to read from JSON, you need to perform an update on Aws.config:

creds = JSON.load(File.read('secrets.json'))
Aws.config.update({
  credentials: Aws::Credentials.new(creds['AccessKeyId'], creds['SecretAccessKey'])
})

[pablogmorales]

Hi
I will try the shared credentials option, did not use it because I did not understand it, I guess that in my_path there should be a credentials files with the keys the same as in .aws folder. and reading from the json file is not working either as I said on the previous post.

Thanks
Regards

[pablogmorales]

Im, getting the same error:

`shared_creds = Aws::SharedCredentials.new(profile_name: 'default', path: '/etc/sensu/plugins/credentials')
Aws.config.update(credentials: shared_creds)

{:credentials=>#<Aws::SharedCredentials profile_name="default" path="/etc/sensu/plugins/credentials">}
/usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/signature_v4.rb:72:in sign_request': unable to sign request without credentials set (Aws::Errors::MissingCredentialsError) from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/signature_v4.rb:112:in apply_signature'
from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/signature_v4.rb:65:in call' from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/helpful_socket_errors.rb:10:in call'
from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/retry_errors.rb:171:in call' from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/query/handler.rb:28:in call'
from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/user_agent.rb:13:in call' from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/endpoint_pattern.rb:28:in call'
from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/endpoint_discovery.rb:78:in call' from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/seahorse/client/plugins/endpoint.rb:45:in call'
from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/param_validator.rb:24:in call' from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/seahorse/client/plugins/raise_response_errors.rb:14:in call'
from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:20:in call' from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/idempotency_token.rb:17:in call'
from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/param_converter.rb:24:in call' from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/aws-sdk-core/plugins/response_paging.rb:10:in call'
from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/seahorse/client/plugins/response_target.rb:23:in call' from /usr/local/share/gems/gems/aws-sdk-core-3.44.1/lib/seahorse/client/request.rb:70:in send_request'
from /usr/local/share/gems/gems/aws-sdk-sns-1.9.0/lib/aws-sdk-sns/client.rb:1257:in publish' from /usr/local/share/gems/gems/aws-sdk-sns-1.9.0/lib/aws-sdk-sns/topic.rb:288:in publish'
from send-sms.rb:68:in <main>'

What I do not understand is why if I use this way does not work either, the only way to make it works if exporting the variables from bash.

Aws.config.update({
credentials: Aws::Credentials.new('your_access_key_id', 'your_secret_access_key')
})

Any idea?
Thanks
regards

[pablogmorales]

I noticed that it works from the standard path, /root/.aws/credentials.

[srchase]

@pablogmorales

Are the formats of /etc/sensu/plugins/credentials and /root/.aws/credentials the same?

I would also check that you have the proper permissions for that path.

If you need additional help, Stack Overflow would be a good place using the aws-sdk-ruby tag.

[pablogmorales]

Yes, I just created .aws under root and copied the credentials file, so, the format is fine, and the permission on the alternate location are fine as well, the process is executed by sensu, so, root should be able to read it as well, and checked the execution permissions as well.

So by now, It's working like that, using /root/.aws/credentials which seems to be default.
But would like to understand why if I hardcode the keys does not work either, anyway, I do not want to hardcode credentials inside the scripts, but during the test I tried almost everything, so Im curious why it does not work.

Thanks
Regards

[srchase]

Hard coding credentials is not recommended.

This does work if needed:

Aws.config.update({
  credentials: Aws::Credentials.new('fooAccessKeyId', 'fooSecretAccessKey')
})

[srchase]

Closing this issue. Let us know if there's a need to re-open.

[gauravachatrath]

Hi,

I am facing a similar issue. I did upgraded my gems but still i got the same error

"Loading ENV vars from AWS secrets manager"
#<Aws::Errors::MissingCredentialsError: unable to sign request without credentials set>

Any suggestions how to fix it ?