# `PhoenixKit.AWS.CredentialsVerifier`
[🔗](https://github.com/BeamLabEU/phoenix_kit/blob/v1.7.165/lib/phoenix_kit/aws/credentials_verifier.ex#L1)

AWS credentials verification module.

This module provides functionality to:
- Validate AWS Access Key ID and Secret Access Key format
- Verify credential connectivity via AWS STS GetCallerIdentity
- List available AWS regions
- Check minimal required permissions for email operations

## Features

- **Credential Validation**: Basic format validation for access key and secret
- **Connectivity Testing**: Verify credentials can make AWS API calls
- **Region Discovery**: List available regions for the AWS account
- **Permission Checks**: Validate access to SQS, SNS, and SES services
- **Error Handling**: Detailed error messages for common issues

## Usage

    # Basic credential verification
    PhoenixKit.AWS.CredentialsVerifier.verify_credentials(
      access_key_id: "AKIA...",
      secret_access_key: "****************",
      region: "eu-north-1"
    )

    # Get available regions
    PhoenixKit.AWS.CredentialsVerifier.get_available_regions(
      access_key_id: "AKIA...",
      secret_access_key: "****************",
      region: "eu-north-1"
    )

# `check_permissions`

Performs basic AWS permissions check using List operations.

⚠️ **Important Disclaimer:**
- This checks READ permissions (List operations), NOT CREATE permissions
- `ListQueues` does NOT guarantee `CreateQueue` permission
- `ListTopics` does NOT guarantee `CreateTopic` permission
- Actual CREATE permissions are verified during "Setup AWS Infrastructure"

This provides a basic sanity check that credentials have SOME access to required services.

## Checked Operations

- SQS: `ListQueues` (indicates basic SQS access)
- SNS: `ListTopics` (indicates basic SNS access)
- SES: `ListConfigurationSets` (indicates basic SES access)
- EC2: `DescribeRegions` (optional - for auto-loading regions feature)

## Parameters

  - `access_key_id`: AWS Access Key ID (string)
  - `secret_access_key`: AWS Secret Access Key (string)
  - `region`: AWS region (string)

## Returns

  - `{:ok, permissions_map}` where permissions_map is:
    ```
    %{
      sqs: %{"ListQueues" => :granted | :denied},
      sns: %{"ListTopics" => :granted | :denied},
      ses: %{"ListConfigurationSets" => :granted | :denied},
      ec2: %{"DescribeRegions" => :granted | :denied, optional: true}
    }
    ```
  - `{:error, reason}` if configuration fails
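
One way to consume the `permissions_map` described above, as an added example that is not PhoenixKit's own code. The module `PermissionsReport` and its `summarize/1` function are hypothetical, and the sample map is constructed to match the documented shape. A denial on a service marked `optional: true` is reported as a warning; any other denial is an error.

```elixir
defmodule PermissionsReport do
  @moduledoc false
  # Hypothetical helper, not part of PhoenixKit. It interprets the map that
  # check_permissions is documented to return inside {:ok, permissions_map}.

  # Returns {:ok, %{optional_denied: [...]}} when every required List
  # operation is :granted, or {:error, {:missing_required, [...]}} otherwise.
  def summarize(permissions_map) when is_map(permissions_map) do
    {optional, required} =
      permissions_map
      |> Enum.flat_map(fn {service, ops} ->
        # A service is optional only when its map carries optional: true.
        optional? = Map.get(ops, :optional, false)

        # Operation names are string keys; skip the :optional flag itself.
        for {op, status} <- ops, is_binary(op), do: {service, op, status, optional?}
      end)
      |> Enum.split_with(fn {_svc, _op, _status, optional?} -> optional? end)

    case denied(required) do
      [] -> {:ok, %{optional_denied: denied(optional)}}
      missing -> {:error, {:missing_required, missing}}
    end
  end

  # Keep only the {service, operation} pairs whose status is :denied.
  defp denied(entries) do
    for {svc, op, :denied, _optional?} <- entries, do: {svc, op}
  end
end

# Constructed sample in the documented shape: SNS is denied (required),
# EC2 is denied but optional.
sample = %{
  sqs: %{"ListQueues" => :granted},
  sns: %{"ListTopics" => :denied},
  ses: %{"ListConfigurationSets" => :granted},
  ec2: %{"DescribeRegions" => :denied, optional: true}
}

# A passing result here still only covers List operations; Create permissions
# are verified later, during "Setup AWS Infrastructure".
IO.inspect(PermissionsReport.summarize(sample), label: "required check")
IO.inspect(PermissionsReport.summarize(%{sample | sns: %{"ListTopics" => :granted}}),
  label: "after granting sns:ListTopics"
)
```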

# `get_available_regions`

Gets list of available AWS regions for the account.

## Parameters

  - `access_key_id`: AWS Access Key ID (string)
  - `secret_access_key`: AWS Secret Access Key (string)
  - `region`: AWS region (string)

## Returns

  - `{:ok, [region_names]}` on success
  - `{:error, reason}` on failure

# `verify_credentials`

Verifies AWS credentials using STS GetCallerIdentity.

## Parameters

  - `access_key_id`: AWS Access Key ID (string)
  - `secret_access_key`: AWS Secret Access Key (string)
  - `region`: AWS region (string)

## Returns

  - `{:ok, %{access_key_id: string, aws_user_id: string, account_id: string, arn: string}}` on success
  - `{:error, :invalid_credentials}` for format issues
  - `{:error, :authentication_failed}` for invalid credentials
  - `{:error, :network_error}` for connectivity issues
  - `{:error, :rate_limited}` for AWS rate limiting

