How to fix no region or no credentials found errors when using aws sdk apis
Did you face missing region or credentials error any time using aws client sdk apis ?
com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain
com.amazonaws.SdkClientException: Unable to find a region via the region provider chain. Must provide an explicit region in the builder or setup environment to supply a region.
Assume you are creating a client as below without supplying any specific credentials to the client builder, the DefaultAWSCredentialsProviderChain class is used.
AmazonDynamoDB ddb = AmazonDynamoDBClientBuilder.defaultClient();
The DefaultAWSCredentialsProviderChain goes trying to find the credentials(access key, secret key and region) in the below order until it finds and returns early.If it does not find credentials in any of the below places, it throws an error.
AWS sdk client will search for the access credentials in the below order
- Environment variables–
- Java system properties–
- Web Identity Token credentials from the environment or container.
- The default credential profiles file– typically located at
- Amazon ECS container credentials
- Instance profile credentials–
You can check the docs here.
Environment or Property Variables
If you are passing credentials to your app as environment variables, try doing a dry run to see if those are accessible in code.For example in java, we can try below
If you are passing aws credentials as properties to your java app, try to test if your application is able to access the credentials as below
Note: The key names are different when you pass as properties compared to when you pass as env variables.
Also if you are using beanstalk, check this
In most cases, environment properties are passed to your application as environment variables, but the behavior is platform dependent. For example, the Java SE platform sets environment variables that you retrieve with
System.getenv, while the Tomcat platform sets Java system properties that you retrieve with
System.getProperty. In general, properties are not visible if you connect to an instance and run
If you using credentials from file check if you have properly configured aws credentials using cli.
# lists all the existing profiles.
aws configure list
If the output of the above command does not have region configured, use aws cli to set region.
Also ensure that if you are using a custom profile in your code, that profile is listed above.Generally when you configure cli without a profile name, default profile is assumed.So when you don’t mention profile api calls, the default profile is used.Check if your default profile has required access permissions to aws resources.
Check the user your application is running as and also that user has aws profile configured and not the logged in user.
If your application is run as user x, ensure /home/x/.aws is present and is having required permissions.
Below command will make user x the owner of the aws config directory.
chown x /home/x/.aws
Note: If you are using tomcat, ensure the credentials file is present in the directory of the tomcat user i.e the user tomcat is run as.You can check which user tomcat is running as by using ps -ef or the tomcat service file if you are running it as a system service.