ExAws.request() - is it possible to pass in a specific access_key_id and secret_access_key to override the existing config?

When creating an ExAws.request() is it possible to pass in a specific access_key_id and secret_access_key to override the existing config? For example, should something like this work?
ExAws.S3.list_buckets() |> ExAws.request([region: "us-east-2", access_key_id: "…", secret_access_key: "…"])

The documentation for ExAws.request says that it should (middle example):

Is it not working for your application?


I was looking at that in the docs, but I wasn’t sure if passing in an access_key_id and secret_access_key was also supported. And I ask because it’s not working as expected for me right now. I keep getting 403s on the request.

What do you get if you pass debug_requests: true to ExAws.request along with the other options?

One way I could see this situation happening is if your application-level ExAws config sets security_token but your override doesn’t say security_token: nil; you will be able to tell if this is happening if you see an X-Amz-Security-Token token header in the debug_requests output.

It doesn’t look like that’s the issue since I don’t see that header in the request output. Here’s a debugged request output with the IDs removed:

{:error,
 {:http_error, 403,
  %{
    body: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>...</RequestId><HostId>...</HostId></Error>",
    headers: [
      {"x-amz-request-id", "..."},
      {"x-amz-id-2",
       "..."},
      {"Content-Type", "application/xml"},
      {"Transfer-Encoding", "chunked"},
      {"Date", "Wed, 12 Oct 2022 12:43:35 GMT"},
      {"Server", "AmazonS3"}
    ],
    status_code: 403
  }}}

And here’s how our ex_aws is currently configured:

config :ex_aws,
  secret_access_key: [{:awscli, "profile_name", 30}],
  access_key_id: [{:awscli, "profile_name", 30}],
  awscli_auth_adapter: ExAws.STS.AuthCache.AssumeRoleWebIdentityAdapter

For some additional context, this access_key and secret are hosted by a third-party provider.

Update: this method did in fact work. I was just using an IP address that wasn’t whitelisted.
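
Added example, not part of the thread or of ExAws: a small triage helper that reads the S3 `<Code>` element from an error tuple shaped like the one posted above, to separate credential faults from policy denials such as the IP restriction that turned out to be the cause here. The module name `S3DenialTriage` and the sample tuple are constructed for illustration.

```elixir
defmodule S3DenialTriage do
  @moduledoc """
  Added example (hypothetical module): classify an ExAws S3 error tuple by the
  <Code> element in its XML body.
  """

  # S3 error codes returned with HTTP 403 and what each one points to.
  @hints %{
    "InvalidAccessKeyId" => {:credentials, "access key ID is not known to AWS"},
    "SignatureDoesNotMatch" => {:credentials, "secret key or signing inputs are wrong"},
    "RequestTimeTooSkewed" => {:clock, "local clock differs too much from AWS time"},
    "AccessDenied" =>
      {:authorization,
       "signature was accepted but policy denied the request; " <>
         "check IAM and bucket policy conditions such as source IP"}
  }

  @doc "Returns {category, code, hint} for an ExAws error tuple."
  def triage({:error, {:http_error, status, %{body: body}}}) when is_binary(body) do
    case Regex.run(~r{<Code>([^<]+)</Code>}, body) do
      [_, code] ->
        {category, hint} = Map.get(@hints, code, {:unknown, "unrecognised error code"})
        {category, code, hint}

      nil ->
        {:unknown, nil, "HTTP #{status} without an S3 error code in the body"}
    end
  end

  def triage(other), do: {:unknown, nil, "not an HTTP error tuple: #{inspect(other)}"}
end

# Constructed sample mirroring the response posted above (IDs elided).
sample =
  {:error,
   {:http_error, 403,
    %{
      body:
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" <>
          "<Error><Code>AccessDenied</Code><Message>Access Denied</Message></Error>",
      headers: [{"Server", "AmazonS3"}],
      status_code: 403
    }}}

IO.inspect(S3DenialTriage.triage(sample))
```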