
tr8norman's avatar

Using AWS Instance Profile Credentials with Laravel

It is best practice to use the AWS Instance Profile Credentials Provider when using the AWS PHP SDK on an EC2 machine.

It seems that the examples in the Laravel documentation for setting up SQS still use the key and secret fields instead.

I tried setting up the AWS Instance Profile Credentials Provider in queue.php using

'sqs' => [
    'driver' => 'sqs',
    'credentials' => CredentialProvider::memoize(CredentialProvider::instanceProfile()),
    'prefix' => env('SQS_PREFIX', 'https://sqs.us-east-1.amazonaws.com/your-account-id'),
    'queue' => env('SQS_QUEUE', 'your-queue-name'),
    'region' => env('SQS_REGION', 'us-east-1'),
]

However, I faced this error while running php artisan config:cache: "Your configuration files are not serializable."

What is the proper way to set up SQS using the Instance Profile credentials provider?

fideloper's avatar

Much simpler than you think!

You just don't set values for the AWS key and secret env vars in the .env file. They default to null and the PHP SDK will attempt to find credentials using the regular means all the AWS SDKs do automatically - attempt to find creds in ~/.aws or using the instance metadata service (to get the instance profile credentials).

In your case, I believe you should remove the “credentials” array key that it looks like you added.

tr8norman's avatar

Hi @fideloper thanks for the reply!

I see, but wouldn't that fall back to the DefaultCredentialsProvider?

I was under the assumption that there are some performance concerns over using DefaultCredentialsProvider and if possible we should use a specific credentials provider depending on our use case.

As per the docs:

Create a default credential provider that first checks for environment variables, then checks for assumed role via web identity, then checks for cached SSO credentials from the CLI, then check for credential_process in the "default" profile in ~/.aws/credentials, then checks for the "default" profile in ~/.aws/credentials, then for credential_process in the "default profile" profile in ~/.aws/config, then checks for "profile default" profile in ~/.aws/config (which is the default profile of AWS CLI), then tries to make a GET Request to fetch credentials if ECS environment variable is presented, finally checks for EC2 instance profile credentials.

As mentioned, it will check credentials in so many places before actually using EC2 instance profile credentials.

Let's say you are running this code on AWS Lambda, then you should use a credentials provider which loads data from environment variables, while when running on EC2 you should be using the InstanceProfileProvider.

Was wondering if there is a way to specify the credentials provider as InstanceProfileProvider here.

Let me know what you think @fideloper
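An added example, not from either poster or from the Laravel documentation: one way to pin the instance profile provider while keeping config/queue.php cacheable is to attach the provider closure inside a custom queue connector instead of the config array. The class names and the `sqs-instance-profile` driver name are hypothetical, and the sketch assumes Laravel's `SqsConnector` forwards a `credentials` entry to `SqsClient` unchanged when no key and secret are set.

```php
<?php

namespace App\Queue;

use Aws\Credentials\CredentialProvider;
use Illuminate\Queue\Connectors\SqsConnector;
use Illuminate\Support\Facades\Queue;
use Illuminate\Support\ServiceProvider;

// Hypothetical connector: builds the credential provider when the connection
// is opened, so no closure is ever stored in the configuration repository.
class InstanceProfileSqsConnector extends SqsConnector
{
    public function connect(array $config)
    {
        // Drop any static key pair so it cannot override the provider.
        unset($config['key'], $config['secret'], $config['token']);

        // memoize() caches the fetched credentials until they expire, so the
        // instance metadata service is not queried on every SQS call.
        $config['credentials'] = CredentialProvider::memoize(
            CredentialProvider::instanceProfile()
        );

        return parent::connect($config);
    }
}

// Hypothetical service provider: registers the connector under its own
// driver name. Add it to the application's provider list.
class InstanceProfileSqsServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        Queue::addConnector('sqs-instance-profile', function () {
            return new InstanceProfileSqsConnector();
        });
    }
}

// config/queue.php then holds only plain values, which config:cache can export:
//
// 'sqs' => [
//     'driver' => 'sqs-instance-profile',
//     'prefix' => env('SQS_PREFIX', 'https://sqs.us-east-1.amazonaws.com/your-account-id'),
//     'queue'  => env('SQS_QUEUE', 'your-queue-name'),
//     'region' => env('SQS_REGION', 'us-east-1'),
// ],
```

Setting the closure with `config([...])` from a service provider instead would not help, because `config:cache` boots the application's providers before exporting the configuration.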
