AWS Code Sample

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


AssumeRole.php demonstrates how to how to retrieve an assumed role that you can use for cross-account or federation access to an AWS resource.

<?php /** * Copyright 2010-2019, Inc. or its affiliates. All Rights Reserved. * * This file is licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. A copy of * the License is located at * * * * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. * * * */ require 'vendor/autoload.php'; use Aws\Sts\StsClient; use Aws\Exception\AwsException; /** * Assume Role * * This code expects that you have AWS credentials set up per: * */ $client = new StsClient([ 'profile' => 'default', 'region' => 'us-west-2', 'version' => '2011-06-15' ]); $roleToAssumeArn = 'arn:aws:iam::123456789012:role/RoleName'; try { $result = $client->assumeRole([ 'RoleArn' => $roleToAssumeArn, 'RoleSessionName' => 'session1' ]); // output AssumedRole credentials, you can use these credentials // to initiate a new AWS Service client with the IAM Role's permissions $s3Client = new S3Client([ 'version' => '2006-03-01', 'region' => 'us-west-2', 'credentials' => [ 'key' => $result['Credentials']['AccessKeyId'], 'secret' => $result['Credentials']['SecretAccessKey'], 'token' => $result['Credentials']['SessionToken'] ] ]); } catch (AwsException $e) { // output error message if fails error_log($e->getMessage()); }

Sample Details

Service: sts

Last tested: 2019-04-16

Author: jschwarzwalder (AWS)

Type: full-example

On this page: