An IAM user or an AWS Account can request temporary security credentials (see Making Requests) using the AWS SDK for PHP and use them to access Amazon S3. These credentials expire after the session duration. By default, the session duration is one hour. If you use IAM user credentials, you can specify the duration, between 1 and 36 hours, when requesting the temporary security credentials.
Making Requests Using IAM User Temporary Security Credentials
| 1 | Create an instance of the |
| 2 | Execute the The method returns you temporary security credentials. |
| 3 | Create an instance of the Any methods in the |
The following PHP code sample demonstrates the preceding tasks.
// In real applications, the following code is part of your trusted code. It has
// your security credentials that you use to obtain temporary security credentials.
$token = new AmazonSTS();
$response = $token->get_session_token();

$AccessKeyId     = (string)$response->body->GetSessionTokenResult->Credentials->AccessKeyId;
$SecretAccessKey = (string)$response->body->GetSessionTokenResult->Credentials->SecretAccessKey;
$SessionToken    = (string)$response->body->GetSessionTokenResult->Credentials->SessionToken;

// The following will be part of your less trusted code. You provide temporary security
// credentials so it can send authenticated requests to Amazon S3.

// Create an AmazonS3 using temporary security credentials.
$s3 = new AmazonS3($AccessKeyId, $SecretAccessKey, $SessionToken);

// Send requests to Amazon S3.
Note
If you obtain temporary security credentials using your AWS account credentials, the temporary security credentials are valid for only one hour. You can specify the session duration only if you use IAM user credentials to request a session.
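Because the temporary credentials stop working when the session expires, the trusted code can vet them before handing them to less trusted code. The following is an added example, not part of the original AWS sample: `temp_credentials_from()` and `$minRemaining` are hypothetical names, the XML body is a constructed sample with placeholder values, and `Expiration` is the element of the STS `Credentials` result that carries the expiry time.

```php
<?php
// Added example: vet a GetSessionToken result before less trusted code receives it.
// temp_credentials_from() and $minRemaining are hypothetical names, not SDK API.
function temp_credentials_from(SimpleXMLElement $body, $now, $minRemaining = 300)
{
    $c = $body->GetSessionTokenResult->Credentials;
    $creds = array(
        'key'     => (string) $c->AccessKeyId,
        'secret'  => (string) $c->SecretAccessKey,
        'token'   => (string) $c->SessionToken,
        'expires' => strtotime((string) $c->Expiration),
    );
    // A failed or malformed response yields empty strings; never build a client from those.
    foreach (array('key', 'secret', 'token') as $field) {
        if ($creds[$field] === '') {
            throw new RuntimeException("STS response is missing $field");
        }
    }
    // Refuse credentials that are expired or have less than $minRemaining seconds left.
    if ($creds['expires'] === false || $creds['expires'] - $now < $minRemaining) {
        throw new RuntimeException('Temporary credentials are expired or about to expire');
    }
    return $creds;
}

// Constructed sample body (placeholder values, not real credentials).
$sample = new SimpleXMLElement(
    '<GetSessionTokenResponse><GetSessionTokenResult><Credentials>'
    . '<AccessKeyId>ASIAEXAMPLEKEYID</AccessKeyId>'
    . '<SecretAccessKey>constructed-secret</SecretAccessKey>'
    . '<SessionToken>constructed-session-token</SessionToken>'
    . '<Expiration>2030-01-01T01:00:00Z</Expiration>'
    . '</Credentials></GetSessionTokenResult></GetSessionTokenResponse>'
);
$now   = strtotime('2030-01-01T00:00:00Z');
$creds = temp_credentials_from($sample, $now);
echo 'Usable for ' . ($creds['expires'] - $now) . ' seconds' . PHP_EOL;

// One hour later the same credentials are refused.
try {
    temp_credentials_from($sample, $now + 3600);
} catch (RuntimeException $e) {
    echo $e->getMessage() . PHP_EOL;
}
// With the SDK, pass the live response body instead of $sample:
//   $creds = temp_credentials_from($token->get_session_token()->body, time());
//   $s3 = new AmazonS3($creds['key'], $creds['secret'], $creds['token']);
```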
Example
The following PHP code example lists object keys in the specified bucket. For illustration, the code example obtains temporary security credentials for a default one-hour session and uses them to send an authenticated request to Amazon S3.
If you want to test the sample using IAM user credentials, you will need to create an IAM user under your AWS Account. For more information about how to create an IAM user, go to Set Up a Group, Grant Permissions, and Add Users in the AWS Identity and Access Management Getting Started Guide.
<?php
require_once '../aws-sdk-for-php/sdk.class.php';
header('Content-Type: text/plain; charset=utf-8');

$bucket = '*** Provide bucket name ***';

// Request temporary security credentials (default session duration).
$token = new AmazonSTS();
$response1 = $token->get_session_token();

$AccessKeyId     = (string)$response1->body->GetSessionTokenResult->Credentials->AccessKeyId;
$SecretAccessKey = (string)$response1->body->GetSessionTokenResult->Credentials->SecretAccessKey;
$SessionToken    = (string)$response1->body->GetSessionTokenResult->Credentials->SessionToken;

// Instantiate the class.
$s3 = new AmazonS3($AccessKeyId, $SecretAccessKey, $SessionToken);

// Send list object request. get_object_list() returns an array of key names,
// which is what the check and loop below expect; list_objects() returns a
// CFResponse object instead.
$response = $s3->get_object_list($bucket);

// Success?
print_r(gettype($response) === 'array');
if ($response)
{
    echo "Keys retrieved!" . PHP_EOL;
    foreach ($response as $key)
    {
        print_r($key);
    }
}
else
{
    print_r($response);
}