Unable to load AWS credentials from the /AwsCredentials.properties file on the classpath

Question

Using this code for setting the class path

AWSCredentialsProvider credentialsProvider = new ClasspathPropertiesFileCredentialsProvider();
ec2 = new AmazonEC2Client(credentialsProvider);

Below is the format for AwsCredentials.properties file

# Fill in your AWS Access Key ID and Secret Access Key
# http://aws.amazon.com/security-credentials
accessKey = keyHere
secretKey = secretKeyHere

Below is the exception I am getting

Exception in thread "main" com.amazonaws.AmazonClientException: Unable to load AWS credentials from the /AwsCredentials.properties file on the classpath

    at com.amazonaws.auth.ClasspathPropertiesFileCredentialsProvider.getCredentials(ClasspathPropertiesFileCredentialsProvider.java:81)
    at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:8359)

Answer 1

I got this same error message when one of my Elastic Beanstalk apps was trying to write to a table in DynamoDB. For whatever reason (legacy setup?) IMDSv1 needed to be activated for the credentials to work, and then everything worked again.

I am sure something to be done about only using IMDSv2 however, some times you just need to get people working again!

Answer 2

In my case I was deploying my webapp inside a docker. I was setting:

ENV AWS_ACCESS_KEY_ID=blahblah%&/(
ENV AWS_SECRET_ACCESS_KEY=supersecret%&/(

but I still got errors, I got fixed this by adding

cloud.aws.credentials.useDefaultAwsCredentialsChain=true

inside application.properties

Answer 3

You can use DefaultAwsCredentialsProviderChain(), which according to the documentation, looks for credentials in this order:

1. Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (recommended since they are recognized by all AWS SDKs and CLI except for .NET), or AWS_ACCESS_KEY and AWS_SECRET_KEY (only recognized by the Java SDK)
2. Java System Properties - aws.accessKeyId and aws.secretAccessKey
3. Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
4. Instance profile credentials delivered through the Amazon EC2 metadata service

Answer 4

You can access your credantials with this code If you already signed in to AWS CLI.

  DefaultAWSCredentialsProviderChain props = new DefaultAWSCredentialsProviderChain();

  AWSCredentials credentials = props.getCredentials();

  final String AWS_ACCESS_KEY_ID = credentials.getAWSAccessKeyId();
  final String AWS_SECRET_ACCESS_KEY = credentials.getAWSSecretKey();

Answer 5

In my case it was way sillier - I changed the system time to test run and trigger a cron job. The mismatch between system time and AWS's other components caused the issue.

Answer 6

Example java code:

        //DATA//
        //get from: https://console.aws.amazon.com/iam/home?#/security_credentials -> Access keys (access key ID and secret access key) -> Generate key if not exists
        String accessKey;
        String secretKey;
        Regions region = Regions.AP_SOUTH_1; //get from "https://ap-south-1.console.aws.amazon.com/lambda/" > your function > ARN at top right
        
        //CODE//
        AWSLambda awsLambda = AWSLambdaClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(new BasicAWSCredentials(accessKey, secretKey)))
                .withRegion(region)
                .build();

        List<FunctionConfiguration> functionList= awsLambda.listFunctions().getFunctions();
        for (FunctionConfiguration functConfig : functionList) {
           System.out.println("FunctionName="+functConfig.getFunctionName());
        }

Answer 7

If you are using Java and Springboot and want to do it in the code, the below configuration will work.

When building EC2 Client, Add the Credential Provider

 Region region = Region.US_EAST_1;
 Ec2Client ec2 = Ec2Client.builder()
            .httpClientBuilder(new DefaultSdkHttpClientBuilder())
            .credentialsProvider(SystemPropertyCredentialsProvider.create())
            .region(region)
            .build();

In the Application Start up,

@Value("${aws.accessKeyId}")
private String accessKey;

@Value("${aws.secretKey}")
private String secretKey;

@PostConstruct
public void setSystemProperty(){
    SystemPropertiesCredentialsProvider systemPropertiesCredentialsProvider=new SystemPropertiesCredentialsProvider();

    System.setProperty("aws.accessKeyId",accessKey);
    System.setProperty("aws.secretAccessKey",secretKey);
}

In application.properties file,

aws.accessKeyId=
aws.secretKey=

Answer 8

A java program to set AWS environment vairiable.

Map<String, String> environment = new HashMap<String, String>();
        environment.put("AWS_ACCESS_KEY_ID", "*****************");
        environment.put("AWS_SECRET_KEY", "*************************");

private static void setEnv(Map<String, String> newenv) throws Exception {
        try {
            Class<?> processEnvironmentClass = Class.forName("java.lang.ProcessEnvironment");
            Field theEnvironmentField = processEnvironmentClass.getDeclaredField("theEnvironment");
            theEnvironmentField.setAccessible(true);
            Map<String, String> env = (Map<String, String>) theEnvironmentField.get(null);
            env.putAll(newenv);
            Field theCaseInsensitiveEnvironmentField = processEnvironmentClass.getDeclaredField("theCaseInsensitiveEnvironment");
            theCaseInsensitiveEnvironmentField.setAccessible(true);
            Map<String, String> cienv = (Map<String, String>) theCaseInsensitiveEnvironmentField.get(null);
            cienv.putAll(newenv);
        } catch (NoSuchFieldException e) {
            Class[] classes = Collections.class.getDeclaredClasses();
            Map<String, String> env = System.getenv();
            for (Class cl : classes) {
                if ("java.util.Collections$UnmodifiableMap".equals(cl.getName())) {
                    Field field = cl.getDeclaredField("m");
                    field.setAccessible(true);
                    Object obj = field.get(env);
                    Map<String, String> map = (Map<String, String>) obj;
                    map.clear();
                    map.putAll(newenv);
                }
            }
        }
    }

Answer 9

In a Linux server, using default implementation of ses will expect files in .aws/credentials file. You can put following content in credential file at the location below and it will work. /home/local/<your service account>/.aws/credentials.

[default]
aws_access_key_id=<your access key>
aws_secret_access_key=<your secret access key>

Answer 10

There are many correct answer above. Specifically in Windows, when you don't have ~/.aws/ folder exist and you need to create the new one, it turned out to be another problem, meaning if you just type ".aws" as name, it will error out and will not allow you create the folder with name ".aws".

Here is trick to overcome that, i.e. type in ".aws." meaning dot at the start and dot at the end. Then only windows will accept the name. This has happened with me, so providing an answer here. SO that it may be helpful to others.

Answer 11

If you're wanting to use Environment variables using apache/tomcat, I found that the only way they could be found was setting them in tomcat/bin/setenv.sh (where catalina_opts are set - might be catalina.sh in your setup)

export AWS_ACCESS_KEY_ID=*********;

export AWS_SECRET_ACCESS_KEY=**************;

If you're using ubuntu, try logging in as ubuntu $printenv then log in as root $printenv, the environmental variables won't necessarily be the same....

If you only want to use environmental variables you can use: com.amazonaws.auth.EnvironmentVariableCredentialsProvider

instead of:

com.amazonaws.auth.DefaultAWSCredentialsProviderChain

(which by default checks all 4 possible locations)

anyway after hours of trying to figure out why my environmental variables weren't being found...this worked for me.

Answer 12

Since AmazonDynamoDBClient(credentials) is deprecated i use this.

init {
        val cp= AWSStaticCredentialsProvider(BasicAWSCredentials(ACCESS_KEY, SECRET_KEY))
        val client = AmazonDynamoDBClientBuilder.standard().withCredentials(cp).withRegion(Regions.US_EAST_1).build()
        dynamoDB = DynamoDB(client)
    }

Answer 13

AWSCredentialsProvider credentialsProvider = new ProfileCredentialsProvider();
new AmazonEC2Client(credentialsProvider)

.aws/credentials

[default]
aws_access_key_id =
aws_secret_access_key = 

Answer 14

If you use the credential file at ~/.aws/credentials and use the default profile as below:

[default]
aws_access_key_id=<your access key>
aws_secret_access_key=<your secret access key>

You do not need to use BasicAWSCredential or AWSCredentialsProvider. The SDK can pick up the credentials from the default profile, just by initializing the client object with the default constructor. Example below:

AmazonEC2Client ec2Client = new AmazonEC2Client();

In addition sometime you would need to initialize the client with the ClientConfiguration to provide proxy settings etc. Example below.

ClientConfiguration clientConfiguration = new ClientConfiguration();
clientConfiguration.setProxyHost("proxyhost");
clientConfiguration.setProxyPort(proxyport);
AmazonEC2Client ec2Client = new AmazonEC2Client(clientConfiguration);

Answer 15

I made the connection using a different approach:

BasicAWSCredentials credentials = new BasicAWSCredentials(ACCESS_KEY, SECRET_KEY);
AmazonDynamoDBClient client = new AmazonDynamoDBClient(credentials).withRegion(Regions.US_EAST_1);
DynamoDB dynamoDB = new DynamoDB(client);

The access key and the secret key can be created in the Identity and Access Management console. I hope it helps...

Answer 16

You are getting this exception because your AWS SDK is unable to load your credentials. What you should do is goto Preferences then goto AWS and add your secret key and access key. So that your project can retrieve both keys.

Answer 17

Try this for the file format:

[default]
aws_access_key_id=<your access key>
aws_secret_access_key=<your secret access key>

I saved this file as ~/.aws/credentials with ProfileCredentialsProvider().