PhoenixKit.AWS.CredentialsVerifier (phoenix_kit v1.5.1)
View SourceAWS credentials verification module.
This module provides functionality to:
- Validate AWS Access Key ID and Secret Access Key format
- Verify credential connectivity via AWS STS GetCallerIdentity
- List available AWS regions
- Check minimal required permissions for email operations
Features
- Credential Validation: Basic format validation for access key and secret
- Connectivity Testing: Verify credentials can make AWS API calls
- Region Discovery: List available regions for the AWS account
- Permission Checks: Validate access to SQS, SNS, and SES services
- Error Handling: Detailed error messages for common issues
Usage
# Basic credential verification
PhoenixKit.AWS.CredentialsVerifier.verify_credentials(
access_key_id: "AKIA...",
secret_access_key: "****************",
region: "eu-north-1"
)
# Get available regions
PhoenixKit.AWS.CredentialsVerifier.get_available_regions(
access_key_id: "AKIA...",
secret_access_key: "****************",
region: "eu-north-1"
)Summary
Functions
Performs basic AWS permissions check using List operations.
Gets list of available AWS regions for the account.
Verifies AWS credentials using STS GetCallerIdentity.
Functions
Performs basic AWS permissions check using List operations.
⚠️ Important Disclaimer:
- This checks READ permissions (List operations), NOT CREATE permissions
ListQueuesdoes NOT guaranteeCreateQueuepermissionListTopicsdoes NOT guaranteeCreateTopicpermission- Actual CREATE permissions are verified during "Setup AWS Infrastructure"
This provides a basic sanity check that credentials have SOME access to required services.
Checked Operations
- SQS:
ListQueues(indicates basic SQS access) - SNS:
ListTopics(indicates basic SNS access) - SES:
ListConfigurationSets(indicates basic SES access) - EC2:
DescribeRegions(optional - for auto-loading regions feature)
Parameters
access_key_id: AWS Access Key ID (string)secret_access_key: AWS Secret Access Key (string)region: AWS region (string)
Returns
{:ok, permissions_map}where permissions_map is:%{ sqs: %{"ListQueues" => :granted | :denied}, sns: %{"ListTopics" => :granted | :denied}, ses: %{"ListConfigurationSets" => :granted | :denied}, ec2: %{"DescribeRegions" => :granted | :denied, optional: true} }{:error, reason}if configuration fails
Gets list of available AWS regions for the account.
Parameters
access_key_id: AWS Access Key ID (string)secret_access_key: AWS Secret Access Key (string)region: AWS region (string)
Returns
{:ok, [region_names]}on success{:error, reason}on failure
Verifies AWS credentials using STS GetCallerIdentity.
Parameters
access_key_id: AWS Access Key ID (string)secret_access_key: AWS Secret Access Key (string)region: AWS region (string)
Returns
{:ok, %{access_key_id: string, user_id: string, account_id: string, arn: string}}on success{:error, :invalid_credentials}for format issues{:error, :authentication_failed}for invalid credentials{:error, :network_error}for connectivity issues{:error, rate_limited}for AWS rate limiting