Hi
When running on a local machine, botocore (used via aioboto3 wrapper), is able to access the credentials I provide it via environment variables. However, when running the same code on an EC2 instance, it is unable to use AWS services.
The service it is using is AWS Kinesis Firehose. The IAM role attached to the EC2 instance has the permission "AmazonKinesisFirehoseFullAccess" attached to it. When running the code, the following botocore error is raised:
botocore.exceptions.NoCredentialsError: Unable to locate credentials
However, the IAM role is there:
$aws configure list
Name Value Type Location
---- ----- ---- --------
profile <not set> None None
access_key ****************.... iam-role
secret_key ****************.... iam-role
region us-east-1 config-file ~/.aws/config
And I can connect to Firehose using the CLIE:
$ aws firehose list-delivery-streams
{
"DeliveryStreamNames": [
"stream1",
"stream2"
],
"HasMoreDeliveryStreams": false
}
Setting the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY changes nothing.
Putting an access key and secret into the resource creation method directly changes the error to:
botocore.exceptions.ClientError: An error occurred (UnrecognizedClientException) when calling the PutRecord operation: The security token included in the request is invalid.
Which is a strange error, because the keymaterial provided has administrative access.
I would have thought this an issue with the library but again, none of this is an issue when running the code outside of an EC2.
If I run the code is run against S3 instead of Firehose on EC2, this is not an issue.