Amazon Simple Storage Service
Developer Guide (API Version 2006-03-01)

Making Requests Using AWS Account or IAM User Temporary Credentials - AWS SDK for PHP

This topic guides explains how to use classes from version 3 of the AWS SDK for PHP to request temporary security credentials and use them to access Amazon S3. It assumes that you are already following the instructions for Using the AWS SDK for PHP and Running PHP Examples and have the AWS SDK for PHP properly installed.

An IAM user or an AWS account can request temporary security credentials using version 3 of the AWS SDK for PHP. It can then use the temporary credentials to access Amazon S3. The credentials expire when the session duration expires. By default, the session duration is one hour. If you use IAM user credentials, you can specify the duration (from 1 to 36 hours) when requesting the temporary security credentials. For more information about temporary security credentials, see Temporary Security Credentials in the IAM User Guide. For more information about making requests, see Making Requests.


If you obtain temporary security credentials using your AWS account security credentials, the temporary security credentials are valid for only one hour. You can specify the session duration only if you use IAM user credentials to request a session.

The following PHP example lists object keys in the specified bucket using temporary security credentials. The example obtains temporary security credentials for a default one-hour session, and uses them to send authenticated request to Amazon S3. For information about running the PHP examples in this guide, see Running PHP Examples.

If you want to test the example using IAM user credentials, you need to create an IAM user under your AWS account. For information about how to create an IAM user, see Creating Your First IAM User and Administrators Group in the IAM User Guide. For an example of setting the session duration when using IAM user credentials to request a session, see Making Requests Using Federated User Temporary Credentials - AWS SDK for PHP.

require 'vendor/autoload.php'; use Aws\Sts\StsClient; use Aws\S3\S3Client; use Aws\S3\Exception\S3Exception; $bucket = '*** Your Bucket Name ***'; $sts = new StsClient([ 'version' => 'latest', 'region' => 'us-east-1' ]); $sessionToken = $sts->getSessionToken(); $s3 = new S3Client([ 'region' => 'us-east-1', 'version' => 'latest', 'credentials' => [ 'key' => $sessionToken['Credentials']['AccessKeyId'], 'secret' => $sessionToken['Credentials']['SecretAccessKey'], 'token' => $sessionToken['Credentials']['SessionToken'] ] ]); $result = $s3->listBuckets(); try { // Retrieve a paginator for listing objects. $objects = $s3->getPaginator('ListObjects', [ 'Bucket' => $bucket ]); echo "Keys retrieved!" . PHP_EOL; // List objects foreach ($objects as $object) { echo $object['Key'] . PHP_EOL; } } catch (S3Exception $e) { echo $e->getMessage() . PHP_EOL; }

Related Resources

On this page: