AWS S3 + Instance Profile + config:cache? | Laravel | Page 1

silent meteor Oct 12, 2023, 2:14 PM

#

Hi,

I'm trying to deploy to production at AWS EC2. In accordance with the AWS best practices, the instance should have an associated IAM role with the required permissions rather than credentials themselves. We're trying to follow that practice here.

The problem is that with the following configuration:

        'upload_s3' => [
            'driver' => 's3',
            'credentials' => [
                'key' => '',
                'secret' => '',
                'provider' => CredentialProvider::memoize(
                    CredentialProvider::instanceProfile(),
                ),
            ],
            'region' => env('AWS_DEFAULT_REGION'),
            'bucket' => env('UPLOAD_BUCKET'),
            'url' => env('AWS_URL'),
            'endpoint' => env('AWS_ENDPOINT'),
            'use_path_style_endpoint' => env('AWS_USE_PATH_STYLE_ENDPOINT', false),
            'throw' => true,
        ],

The code is working as expected, but php artisan config:cache is failing with an error:

  Your configuration files are not serializable.
  // in a trace, there's a mention of some closure

The configuration is pretty big and complex, so caching the config is a must.

I've checked the FilesystemManager::createS3Driver code, it is completely not customizable. The only solution is to roll in a custom S3 driver provider that will inject the instance profile credential provider.
That solution doesn't look good, so I wanted to ask if there are any other workarounds?

Thank you.

P. S. There's a relevant issue at GH: https://github.com/aws/aws-sdk-php/issues/2290 - but it is old and dead, so I thought to ask first.

GitHub

Using AWS Instance Profile Credentials with Laravel · Issue #2290 ·...

Confirm by changing [ ] to [x] below: I've gone though Developer Guide and API reference I've checked AWS Forums and StackOverflow for answers Version of AWS SDK for PHP? 3.163.3 Version of...

frank spindle Oct 12, 2023, 2:48 PM

#

So what exactly are you trying to do here? Load the .aws.credentials file? If so, afaik the SDK will already do that for you, if set up properly
Laravel simply can't cache some values in the config, so what you're trying to do probably won't be cacheable

silent meteor Oct 12, 2023, 2:50 PM

#

no, I don't have any credentials at all (files, tokens, strings, ...). that's the point. here is the description of EC2 Role: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

IAM roles for Amazon EC2 - Amazon Elastic Compute Cloud

Allow applications to make secure API requests by creating IAM roles and assigning them to your EC2 instances.

#AWS S3 + Instance Profile + config:cache?