
AWS credentials for httpd / apache different from those set for ec2-user


How can I get httpd / apache to use a specific access_key, secret_key and region?

I've used aws configure to set up the default credentials for an EC2 instance, with the default ec2-user. I can successfully retrieve these using aws configure list, and I can successfully make calls to things like aws s3api when logged in via ssh as ec2-user.

I'm running apache as httpd on the instance in question. When I try to make a call from the web application, for example using php $output = shell_exec('aws s3api Example-Commands --output text 2>&1'); I receive an error, 403 Forbidden. If I run $output = shell_exec('aws configure list --output text 2>&1'); then I see that the access_key and secret_key are not those which I supplied using aws configure. If I instead run these commands from SSH when logged in as ec2-user they work.

httpd seems to be running as user "apache" when using

[ec2-user@ip-172-26-0-172 ~]$ ps aux | egrep '(apache|httpd)'
root      7425  0.0  0.3 4***76 2***6 ?        Ss   Apr15   1:39 /usr/sbin/httpd
apache    9074  0.3  1.0 5***16 8***8 ?        Sl   22:45   0:01 /usr/sbin/httpd
apache    9075  0.0  0.2 4***20 1***0 ?        Sl   22:45   0:00 /usr/sbin/httpd
apache    9081  0.2  0.8 5***04 6***6 ?        Sl   22:45   0:00 /usr/sbin/httpd

nano ~/.aws/credentials shows the credentials I had previously entered.

I wish to have httpd use the credentials that I previously supplied to aws configure, but am not sure how to do so.


Solution

  • Based on the comments the solution was to use environment variables so that Apache can access the credentials.

    However, it should be noted that hard-coding credentials on an instance is not a good practice. The recommended way is to Attach an IAM role to your existing Amazon EC2 instance:

    IAM roles enable your applications running on EC2 to use temporary security credentials that AWS creates, distributes, and rotates automatically. Using temporary credentials reduces the risk of long-term key compromise.
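
Why ec2-user and apache end up with different credentials, as an added example that is not part of the original answer: the AWS CLI resolves credentials per process, so a file under one user's home is invisible to a service running as another user. The sketch models only three sources from the CLI's lookup order (environment variables, shared credentials file, instance role); `cred_source` and `make_demo_homes` are hypothetical helpers and the key values are constructed placeholders.

```shell
#!/bin/sh
# Simplified model of the AWS CLI credential lookup for one user.
# $1 is that user's home directory; on a real host take it from
# `getent passwd apache` rather than assuming /home/<user>.
cred_source() {
    home=$1
    file=${AWS_SHARED_CREDENTIALS_FILE:-$home/.aws/credentials}
    profile=${AWS_PROFILE:-default}
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo env                      # static keys exported to the process
    elif [ -r "$file" ] && grep -q "^\[$profile\]" "$file"; then
        echo shared-credentials-file  # what `aws configure` wrote
    else
        echo instance-role-or-none    # CLI falls through to the attached IAM role
    fi
}

# Constructed stand-ins for the two accounts on the page: ec2-user ran
# `aws configure`, apache never did.
make_demo_homes() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ec2-user/.aws" "$d/apache"
    printf '[default]\naws_access_key_id = CONSTRUCTED_KEY_ID\naws_secret_access_key = CONSTRUCTED_SECRET\n' \
        > "$d/ec2-user/.aws/credentials"
    echo "$d"
}

# Start from a clean environment so the output below is deterministic.
unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SHARED_CREDENTIALS_FILE AWS_PROFILE
demo=$(make_demo_homes)

for u in ec2-user apache; do
    printf '%-24s -> %s\n' "$u" "$(cred_source "$demo/$u")"
done

# The workaround from the answer: keys exported into Apache's environment.
printf '%-24s -> %s\n' "apache + env variables" \
    "$(AWS_ACCESS_KEY_ID=CONSTRUCTED_KEY_ID AWS_SECRET_ACCESS_KEY=CONSTRUCTED_SECRET \
       cred_source "$demo/apache")"

rm -rf "$demo"
```

With an IAM role attached and no static keys configured, every account on the instance lands in the last branch and receives the same rotated, temporary credentials.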