drrkgbm6851 2018-07-25 17:19
浏览 123
已采纳

从PHP SDK获取AWS IAM凭据

I use AWS Services regularly and have my PHP SDK automatically retrieve credentials from my ec2 instance when I connect with Amazon.

I now have a library that I want to use which also requires my AWS secret key and access key to be included when I instantiate the class.

How can I retrieve the current access token and secret key through the AWS PHP SDK so I don't hard code keys into my application?

  • 写回答

1条回答 默认 最新

  • douxiao0400 2018-07-25 17:54
    关注

    Where are you storing your AWS Credentials? In a credentials file or IAM Role?

    [EDIT after the OP provided specific use case details]

    From the link that you provided modify the example to look like this. Note: I have not tested the code, but this will be close:

    // Require Composer's autoloader
require_once __DIR__ . "/vendor/autoload.php";

use Aws\Credentials\Credentials
use Aws\Credentials\CredentialProvider;
use Aws\Exception\CredentialsException;
use EddTurtle\DirectUpload\Signature;

// Use the default credential provider
$provider = CredentialProvider::defaultProvider();

$credentials = $provider()->wait();

$upload = new Signature(
    $credentials->getAccessKeyId(),
    $credentials->getSecretKey(),
    "YOUR_S3_BUCKET",
    "eu-west-1"
);

    [END EDIT]

    The simplest answer if you are using a credentials file is to open ~/.aws/credentials in a text editor and extract them. Otherwise follow the details below.

    See the bottom for the actual answer on how to extract your access key once you have them loaded.

    The following example will create a DynamoDB client using credentials stored in ~/.aws/credentials (normally created by the AWS CLI) from the profile named 'project1':

    $client = new DynamoDbClient([
    'profile' => 'project1',
    'region'  => 'us-west-2',
    'version' => 'latest'
]);

    However, usually you will want the SDK to locate your credentials automatically. The AWS SDK will search for your credentials in the following order (not all cases included):

    1. Environment Variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, etc.)
    2. In the default profile section of ~/.aws/credentials
    3. EC2 IAM Role

    Normally just use this example and let the SDK find the credentials for you:

    use Aws\Credentials\CredentialProvider;
use Aws\S3\S3Client;

// Use the default credential provider
$provider = CredentialProvider::defaultProvider();

// Pass the provider to the client
$client = new S3Client([
    'region'      => 'us-west-2',
    'version'     => '2006-03-01',
    'credentials' => $provider
]);

    The SDK has a number of credential providers so that you can control exactly where your credentials are coming from.

    PHP Class CredentialProvider

    One item is that you mention Access Token. This means that you are using STS Assume Role type of access. The PHP SDK supports this also. Just dig into the documentation for STS:

    PHP STS Client

    Once you have loaded your credentials into a provider you can use the class Credentials to extract the three components (AccessKeyId, AcessKeySecret, SecurityToken):

    PHP Class Credentials

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

问题事件

  • 专家修改了标签 8月18日

悬赏问题

  • ¥15 echarts动画效果失效的问题。官网下载的例子。
  • ¥60 许可证msc licensing软件报错显示已有相同版本软件,但是下一步显示无法读取日志目录。
  • ¥15 Attention is all you need 的代码运行
  • ¥15 一个服务器已经有一个系统了如果用usb再装一个系统,原来的系统会被覆盖掉吗
  • ¥15 使用esm_msa1_t12_100M_UR50S蛋白质语言模型进行零样本预测时,终端显示出了sequence handled的进度条,但是并不出结果就自动终止回到命令提示行了是怎么回事:
  • ¥15 前置放大电路与功率放大电路相连放大倍数出现问题
  • ¥30 关于<main>标签页面跳转的问题
  • ¥80 部署运行web自动化项目
  • ¥15 腾讯云如何建立同一个项目中物模型之间的联系
  • ¥30 VMware 云桌面水印如何添加