Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EcsCredentialProvider doesn't work for php-fpm due to missing relative uri env variable #1971

Closed
Pi-George opened this issue Feb 27, 2020 · 11 comments
Closed

EcsCredentialProvider doesn't work for php-fpm due to missing relative uri env variable #1971

Pi-George opened this issue Feb 27, 2020 · 11 comments
Assignees
@yenfryherrerafeliz
Labels
closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@Pi-George
Copy link

Pi-George commented Feb 27, 2020
edited
Loading

https://github.com/aws/aws-sdk-php/blob/master/src/Credentials/EcsCredentialProvider.php

Environment variable doesn't exist in php-fpm runtime $AWS_CONTAINER_CREDENTIALS_RELATIVE_URI

This issue is a clone of this closed issue, however the issue shouldn't of been closed so I'm making this one #1920

This code in your entrypoint file before starting php-fpm should act as a temporary fix.

if [ -f /proc/1/environ ]; then
    # Get the ECS environment variables
    export $(strings /proc/1/environ)
    # Set the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable if it isn't already set
    if ! grep -q 'AWS_CONTAINER_CREDENTIALS_RELATIVE_URI' /etc/php/7.2/fpm/pool.d/www.conf; then
        echo "clear_env = no" >> /etc/php/7.2/fpm/pool.d/www.conf
        echo "env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI] = $AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" \
            >> /etc/php/7.2/fpm/pool.d/www.conf
    fi
else
    echo "Warning, couldn't find ECS environ file"
fi
@magnetik
Copy link

magnetik commented Apr 1, 2020

Thanks a lot for the pointer.
I've added:

echo "env[AWS_CONTAINER_CREDENTIALS_RELATIVE_URI] = $(strings /proc/1/environ | grep AWS_CONTAINER_CREDENTIALS_RELATIVE_URI | cut -d = -f2 )" >> /usr/local/etc/php-fpm.d/www.conf

to my docker entrypoint 👍

@Shardj
Copy link

Shardj commented Apr 1, 2020

I've since improved mine, if you're using ubuntu or another OS that has /etc/environment then you can do

    # Get the ECS environment variables
    export $(strings /proc/1/environ)
    # Make sure php has access to environment variables
    env > /etc/environment

As long as your php-fpm pool has clear_env = no and as long as you start php-fpm with /etc/init.d/php7.2-fpm start and not service php7.2-fpm start. No idea why service doesn't work and init.d does, but it is how it is.

@github-actions
Copy link

github-actions bot commented Apr 2, 2021

We have noticed this issue has not recieved attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Apr 2, 2021
@Pi-George
Copy link
Author

Still an issue as far as I'm aware github bot

@github-actions github-actions bot removed the closing-soon This issue will automatically close in 4 days unless further comments are made. label Apr 7, 2021
@ajredniwja ajredniwja added the bug This issue is a bug. label Jun 7, 2021
@github-actions
Copy link

github-actions bot commented Jun 8, 2022

We have noticed this issue has not recieved attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jun 8, 2022
@Shardj
Copy link

Shardj commented Jun 9, 2022

stop avoiding the issue bot

@github-actions github-actions bot removed the closing-soon This issue will automatically close in 4 days unless further comments are made. label Jun 10, 2022
@yenfryherrerafeliz yenfryherrerafeliz added the p3 This is a minor priority issue label Jan 2, 2023
@yenfryherrerafeliz
Copy link
Contributor

Hi @Shardj, @Pi-George, could you please elaborate more regarding why this is a bug with the PHP SDK?. For me this seems to be an issue with php-fpm and not with the SDK. The SDK expects that either AWS_CONTAINER_CREDENTIALS_FULL_URI or AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set, otherwise it will will fail. Those variables are injected by ECS when running the container, and if they are not available then it means something prevent those variables from being set. I got a similar issue in the past and I was able to provide the following workaround here that seems to aid that issue at that time.

Would you please be able to try the workaround I have provided and let me know if that works?

Thanks!

@yenfryherrerafeliz yenfryherrerafeliz self-assigned this Dec 4, 2023
@yenfryherrerafeliz yenfryherrerafeliz added response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. and removed bug This issue is a bug. p3 This is a minor priority issue labels Dec 4, 2023
@Shardj
Copy link

Shardj commented Dec 4, 2023

@yenfryherrerafeliz it's been 4 years and I've had two jobs since this issue. So I can't really be of any help here any more

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Dec 5, 2023
@yenfryherrerafeliz yenfryherrerafeliz added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Dec 5, 2023
@github-actions GitHub Actions
Copy link

This issue has not recieved a response in 1 week. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added the closing-soon This issue will automatically close in 4 days unless further comments are made. label Dec 10, 2023
@github-actions GitHub Actions
Copy link

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@ishan-tripathi-logiclink-labs
Copy link

ishan-tripathi-logiclink-labs commented Mar 4, 2024
edited
Loading

@yenfryherrerafeliz - This issue still a ghost.... I am currently facing this with my ECS Fargate setup on PHP 8.2 Laravel 10
I have already tried your script work around but no luck. I tried SSH into the container and it shows up in both .env as well as container env.

Can you provide a solution to this ASAP

Error statement:

exception
: 
"Aws\\Exception\\CredentialsException"
file
: 
"/var/www/backend-compliance/vendor/aws/aws-sdk-php/src/Credentials/InstanceProfileProvider.php"
line
: 
293
message
: 
"Error retrieving credentials from the instance profile metadata service. (cURL error 7:  (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for http://169.254.169.254/latest/meta-data/iam/security-credentials/)"
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yenfryherrerafeliz yenfryherrerafeliz

Labels
closing-soon This issue will automatically close in 4 days unless further comments are made. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@magnetik @Shardj @ajredniwja @yenfryherrerafeliz @Pi-George @ishan-tripathi-logiclink-labs