Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upload to S3 failed - InvalidAccessKeyId #67

Closed
aristidesneto-bnw opened this issue Apr 18, 2022 · 2 comments
Closed

Upload to S3 failed - InvalidAccessKeyId #67

aristidesneto-bnw opened this issue Apr 18, 2022 · 2 comments
Labels
support Someone needs help

Comments

@aristidesneto-bnw
Copy link

aristidesneto-bnw commented Apr 18, 2022
edited
Loading

Hi, I'm using an S3 bucket to save files from Laravel application uploads. When trying to upload the file, I get the following error:

[previous exception] [object] (GuzzleHttp\\Exception\\ClientException(code: 403): Client error: `PUT https://my-bucket.s3.amazonaws.com/1077c090.png` resulted in a `403 Forbidden ` response:

<Error><Code>InvalidAccessKeyId</Code><Message>The AWS Access Key Id you provided does not exist in our records.</Message><AWSAccessKeyId>ASIAZ7N74ORBT6RJ5AAA</AWSAccessKeyId><RequestId>KFZADDG3V6QX8AAA</RequestId><HostId >IH1lvnySucUhfJBX7k2HAAA=</HostId></Error> {"userId":2,"exception":"[object] (Aws\\S3\\Exception\\S3Exception(code: 0): Error executing \"PutObject\" on \"https://my-bucket.s3.amazonaws.com/1077c090.png\"; AWS HTTP error: Client error: `PUT https://my-bucket.s3.amazonaws.com/1077c090.png` resulted in a `403 Forbidden` response:

The problem in this case is that the second error says that the access key is invalid. I don't know where he gets this key from, it's not the key I inform in the .env file.

What is this key that it displays in the error: <AWSAccessKeyId>ASIAZ7N74ORBT6RJ5AAA</AWSAccessKeyId>?
(not the original key that displays on panel, omitted characters).

Any idea what it could be?
Thanks
@mnapoli mnapoli added the support Someone needs help label Apr 19, 2022
@mnapoli
Copy link
Member

mnapoli commented Apr 19, 2022

On AWS Lambda you shouldn't set an API key explicitly, because the lambda function already has one (with permissions attached to it).

You can read https://www.serverless.com/framework/docs/providers/aws/guide/iam to learn more.

@mnapoli mnapoli closed this as completed Apr 19, 2022
@aristidesneto-bnw
Copy link
Author

The AWS API key I entered in the .env file was for access to the bucket I have already created. The .env file now looks like this, without the credentials:

AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=my-bucket

Even though I don't enter the credentials, I get the error I reported above.

The only AWS key I have is the configuration keys in ~/.aws/credentials.

As an attempt to solve it, I followed the documentation to create the bucket automatically by the lift plugin and I have the same error.

What I don't understand is the AWSAccessKeyId that is displayed in the log, I have no idea where it is.

My serverless.yml file looks like this:

iam:
         role:
             statements:
                 - Effect: Allow
                     Action: s3:*
                     Resource:
                         - 'arn:aws:s3:::my-bucket'
                         - 'arn:aws:s3:::my-bucket/*'

I do not know what else to do. I'll take a closer look at the link you gave me in the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support Someone needs help
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mnapoli @aristidesneto-bnw