Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Making Requests Using AWS Account or IAM User Temporary Credentials - AWS SDK for PHP

This topic guides you through using classes from the AWS SDK for PHP to request temporary security credentials and use them to access Amazon S3.

Note

This topic assumes that you are already following the instructions for Using the AWS SDK for PHP and Running PHP Examples and have the AWS SDK for PHP properly installed.

An IAM user or an AWS Account can request temporary security credentials (see Making Requests) using the AWS SDK for PHP and use them to access Amazon S3. These credentials expire when the session duration expires. By default, the session duration is one hour. If you use IAM user credentials, you can specify the duration, between 1 and 36 hours, when requesting the temporary security credentials. For more information about temporary security credentials, see Temporary Security Credentials in the IAM User Guide.

Making Requests Using AWS Account or IAM User Temporary Security Credentials

1. Create an instance of an AWS Security Token Service (AWS STS) client by using the Aws\Sts\StsClient class factory() method.

2. Execute the Aws\Sts\StsClient::getSessionToken() method to start a session. The method returns temporary security credentials.

3. Create an instance of an Amazon S3 client by using the Aws\S3\S3Client class factory() method with the temporary security credentials you obtained in the preceding step. Any methods in the S3Client class that you call use the temporary security credentials to send authenticated requests to Amazon S3.

The following PHP code sample demonstrates how to request temporary security credentials and use them to access Amazon S3.

    use Aws\Sts\StsClient;
    use Aws\S3\S3Client;

    // In real applications, the following code is part of your trusted code.
    // It has your security credentials that you use to obtain temporary
    // security credentials.
    $sts = StsClient::factory();

    $result = $sts->getSessionToken();

    // The following will be part of your less trusted code. You provide temporary
    // security credentials so it can send authenticated requests to Amazon S3.
    // Create an Amazon S3 client using temporary security credentials.
    $credentials = $result->get('Credentials');
    $s3 = S3Client::factory(array(
        'key'    => $credentials['AccessKeyId'],
        'secret' => $credentials['SecretAccessKey'],
        'token'  => $credentials['SessionToken']
    ));

    $result = $s3->listBuckets();

Note

If you obtain temporary security credentials using your AWS account security credentials, the temporary security credentials are valid for only one hour. You can specify the session duration only if you use IAM user credentials to request a session.
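Because the credentials stop working when the session duration ends, a long-running job has to check the expiry and start a new session before it is reached. The following is an added example, not part of the original guide, that sets the session duration and re-requests credentials shortly before they expire. It assumes IAM user credentials are configured for StsClient; the function names, the 300-second margin, and the three-pass loop are hypothetical choices for illustration.

```php
<?php
require 'vendor/autoload.php';

use Aws\Sts\StsClient;
use Aws\S3\S3Client;

// Trusted code: starts a session with the long-term IAM user credentials.
function requestSessionCredentials(StsClient $sts, $durationSeconds)
{
    $result = $sts->getSessionToken(array('DurationSeconds' => $durationSeconds));
    return $result->get('Credentials');
}

// True when the credentials have expired or expire within $marginSeconds
// (a hypothetical safety margin chosen for this example, not an SDK setting).
function needsRefresh($credentials, $marginSeconds = 300)
{
    $expires = isset($credentials['Expiration'])
        ? strtotime((string) $credentials['Expiration'])
        : false;
    if ($expires === false) {
        return true; // Missing or unreadable expiry: request a new session.
    }
    return ($expires - time()) <= $marginSeconds;
}

// Less trusted code: receives only the temporary credentials.
function s3ClientFor($credentials)
{
    return S3Client::factory(array(
        'key'    => $credentials['AccessKeyId'],
        'secret' => $credentials['SecretAccessKey'],
        'token'  => $credentials['SessionToken']
    ));
}

$bucket = '*** Your Bucket Name ***';
$sts = StsClient::factory();
$credentials = null;

// Constructed workload: list the bucket on three passes of a long-running job.
for ($pass = 1; $pass <= 3; $pass++) {
    if ($credentials === null || needsRefresh($credentials)) {
        $credentials = requestSessionCredentials($sts, 3600); // one-hour session
        $s3 = s3ClientFor($credentials);
    }
    foreach ($s3->getIterator('ListObjects', array('Bucket' => $bucket)) as $object) {
        echo $object['Key'] . "\n";
    }
}
```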

Example of Making an Amazon S3 Request Using Temporary Security Credentials

The following PHP code example lists object keys in the specified bucket using temporary security credentials. The code example obtains temporary security credentials for a default one-hour session and uses them to send authenticated requests to Amazon S3. For information about running the PHP examples in this guide, go to Running PHP Examples.

If you want to test the example using IAM user credentials, you will need to create an IAM user under your AWS Account. For information about how to create an IAM user, see Creating Your First IAM User and Administrators Group in the IAM User Guide. For an example of setting session duration when using IAM user credentials to request a session, see Making Requests Using Federated User Temporary Credentials - AWS SDK for PHP.

    <?php

    // Include the AWS SDK using the Composer autoloader.
    require 'vendor/autoload.php';

    use Aws\Sts\StsClient;
    use Aws\S3\S3Client;
    use Aws\S3\Exception\S3Exception;

    $bucket = '*** Your Bucket Name ***';

    $sts = StsClient::factory();

    $credentials = $sts->getSessionToken()->get('Credentials');
    $s3 = S3Client::factory(array(
        'key'    => $credentials['AccessKeyId'],
        'secret' => $credentials['SecretAccessKey'],
        'token'  => $credentials['SessionToken']
    ));

    try {
        $objects = $s3->getIterator('ListObjects', array(
            'Bucket' => $bucket
        ));

        echo "Keys retrieved!\n";
        foreach ($objects as $object) {
            echo $object['Key'] . "\n";
        }
    } catch (S3Exception $e) {
        echo $e->getMessage() . "\n";
    }
