drrkgbm6851 2018-07-25 17:19
浏览 123
已采纳

从PHP SDK获取AWS IAM凭据

I use AWS Services regularly and have my PHP SDK automatically retrieve credentials from my ec2 instance when I connect with Amazon.

I now have a library that I want to use which also requires my AWS secret key and access key to be included when I instantiate the class.

How can I retrieve the current access token and secret key through the AWS PHP SDK so I don't hard code keys into my application?

  • 写回答

1条回答 默认 最新

  • douxiao0400 2018-07-25 17:54
    关注

    Where are you storing your AWS Credentials? In a credentials file or IAM Role?

    [EDIT after the OP provided specific use case details]

    From the link that you provided modify the example to look like this. Note: I have not tested the code, but this will be close:

    // Require Composer's autoloader
    require_once __DIR__ . "/vendor/autoload.php";
    
    use Aws\Credentials\Credentials
    use Aws\Credentials\CredentialProvider;
    use Aws\Exception\CredentialsException;
    use EddTurtle\DirectUpload\Signature;
    
    // Use the default credential provider
    $provider = CredentialProvider::defaultProvider();
    
    $credentials = $provider()->wait();
    
    $upload = new Signature(
        $credentials->getAccessKeyId(),
        $credentials->getSecretKey(),
        "YOUR_S3_BUCKET",
        "eu-west-1"
    );
    

    [END EDIT]

    The simplest answer if you are using a credentials file is to open ~/.aws/credentials in a text editor and extract them. Otherwise follow the details below.

    See the bottom for the actual answer on how to extract your access key once you have them loaded.

    The following example will create a DynamoDB client using credentials stored in ~/.aws/credentials (normally created by the AWS CLI) from the profile named 'project1':

    $client = new DynamoDbClient([
        'profile' => 'project1',
        'region'  => 'us-west-2',
        'version' => 'latest'
    ]);
    

    However, usually you will want the SDK to locate your credentials automatically. The AWS SDK will search for your credentials in the following order (not all cases included):

    1. Environment Variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, etc.)
    2. In the default profile section of ~/.aws/credentials
    3. EC2 IAM Role

    Normally just use this example and let the SDK find the credentials for you:

    use Aws\Credentials\CredentialProvider;
    use Aws\S3\S3Client;
    
    // Use the default credential provider
    $provider = CredentialProvider::defaultProvider();
    
    // Pass the provider to the client
    $client = new S3Client([
        'region'      => 'us-west-2',
        'version'     => '2006-03-01',
        'credentials' => $provider
    ]);
    

    The SDK has a number of credential providers so that you can control exactly where your credentials are coming from.

    PHP Class CredentialProvider

    One item is that you mention Access Token. This means that you are using STS Assume Role type of access. The PHP SDK supports this also. Just dig into the documentation for STS:

    PHP STS Client

    Once you have loaded your credentials into a provider you can use the class Credentials to extract the three components (AccessKeyId, AcessKeySecret, SecurityToken):

    PHP Class Credentials

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

问题事件

  • 专家修改了标签 8月18日

悬赏问题

  • ¥15 用visualstudio2022创建vue项目后无法启动
  • ¥15 x趋于0时tanx-sinx极限可以拆开算吗
  • ¥500 把面具戴到人脸上,请大家贡献智慧
  • ¥15 任意一个散点图自己下载其js脚本文件并做成独立的案例页面,不要作在线的,要离线状态。
  • ¥15 各位 帮我看看如何写代码,打出来的图形要和如下图呈现的一样,急
  • ¥30 c#打开word开启修订并实时显示批注
  • ¥15 如何解决ldsc的这条报错/index error
  • ¥15 VS2022+WDK驱动开发环境
  • ¥30 关于#java#的问题,请各位专家解答!
  • ¥30 vue+element根据数据循环生成多个table,如何实现最后一列 平均分合并