AWS SDK for PHP
Developer Guide

Managing IAM Access Keys with AWS SDK for PHP Version 3

Users need their own access keys to make programmatic calls to AWS. To fill this need, you can create, modify, view, or rotate access keys (access key IDs and secret access keys) for IAM users. By default, when you create an access key, its status is Active. This means the user can use the access key for API calls.

The following examples show how to:

  • Create a secret access key and corresponding access key ID using CreateAccessKey.

  • Return information about the access key IDs associated with an IAM user using ListAccessKeys.

  • Retrieve information about when an access key was last used using GetAccessKeyLastUsed.

  • Change the status of an access key from Active to Inactive, or vice versa, using UpdateAccessKey.

  • Delete an access key pair associated with an IAM user using DeleteAccessKey.

All the example code for the AWS SDK for PHP Version 3 is available here on GitHub.

Credentials

Before running the example code, configure your AWS credentials, as described in Credentials for the AWS SDK for PHP Version 3. Then import the AWS SDK for PHP, as described in Basic Usage Patterns of the AWS SDK for PHP Version 3.

Create an Access Key

Imports

require 'vendor/autoload.php'; use Aws\Iam\IamClient; use Aws\Exception\AwsException;

Sample Code

$client = new IamClient([ 'profile' => 'default', 'region' => 'us-west-2', 'version' => '2010-05-08' ]); try { $result = $client->createAccessKey([ 'UserName' => 'IAM_USER_NAME', ]); $keyID = $result['AccessKey']['AccessKeyId']; $createDate = $result['AccessKey']['CreateDate']; $userName = $result['AccessKey']['UserName']; $status = $result['AccessKey']['Status']; // $secretKey = $result['AccessKey']['SecretAccessKey'] echo "<p>AccessKey " . $keyID . " created on " . $createDate . "</p>"; echo "<p>Username: " . $userName . "</p>"; echo "<p>Status: " . $status . "</p>"; } catch (AwsException $e) { // output error message if fails error_log($e->getMessage()); }

List Access Keys

Imports

require 'vendor/autoload.php'; use Aws\Iam\IamClient; use Aws\Exception\AwsException;

Sample Code

$client = new IamClient([ 'profile' => 'default', 'region' => 'us-west-2', 'version' => '2010-05-08' ]); try { $result = $client->listAccessKeys(); var_dump($result); } catch (AwsException $e) { // output error message if fails error_log($e->getMessage()); }

Get Information about an Access Key's Last Use

Imports

require 'vendor/autoload.php'; use Aws\Iam\IamClient; use Aws\Exception\AwsException;

Sample Code

$client = new IamClient([ 'profile' => 'default', 'region' => 'us-west-2', 'version' => '2010-05-08' ]); try { $result = $client->getAccessKeyLastUsed([ 'AccessKeyId' => 'ACCESS_KEY_ID', // REQUIRED ]); var_dump($result); } catch (AwsException $e) { // output error message if fails error_log($e->getMessage()); }

Update an Access Key

Imports

require 'vendor/autoload.php'; use Aws\Iam\IamClient; use Aws\Exception\AwsException;

Sample Code

$client = new IamClient([ 'profile' => 'default', 'region' => 'us-west-2', 'version' => '2010-05-08' ]); try { $result = $client->updateAccessKey([ 'AccessKeyId' => 'ACCESS_KEY_ID', // REQUIRED 'Status' => 'Inactive', // REQUIRED 'UserName' => 'IAM_USER_NAME', ]); var_dump($result); } catch (AwsException $e) { // output error message if fails error_log($e->getMessage()); }

Delete an Access Key

Imports

require 'vendor/autoload.php'; use Aws\Iam\IamClient; use Aws\Exception\AwsException;

Sample Code

$client = new IamClient([ 'profile' => 'default', 'region' => 'us-west-2', 'version' => '2010-05-08' ]); try { $result = $client->deleteAccessKey([ 'AccessKeyId' => 'ACCESS_KEY_ID', // REQUIRED 'UserName' => 'IAM_USER_NAME', ]); var_dump($result); } catch (AwsException $e) { // output error message if fails error_log($e->getMessage()); }