drrkgbm6851 2018-07-25 09:19
浏览 124
已采纳

从PHP SDK获取AWS IAM凭据

I use AWS Services regularly and have my PHP SDK automatically retrieve credentials from my ec2 instance when I connect with Amazon.

I now have a library that I want to use which also requires my AWS secret key and access key to be included when I instantiate the class.

How can I retrieve the current access token and secret key through the AWS PHP SDK so I don't hard code keys into my application?

  • 写回答

1条回答 默认 最新

  • douxiao0400 2018-07-25 09:54
    关注

    Where are you storing your AWS Credentials? In a credentials file or IAM Role?

    [EDIT after the OP provided specific use case details]

    From the link that you provided modify the example to look like this. Note: I have not tested the code, but this will be close:

    // Require Composer's autoloader
    require_once __DIR__ . "/vendor/autoload.php";
    
    use Aws\Credentials\Credentials
    use Aws\Credentials\CredentialProvider;
    use Aws\Exception\CredentialsException;
    use EddTurtle\DirectUpload\Signature;
    
    // Use the default credential provider
    $provider = CredentialProvider::defaultProvider();
    
    $credentials = $provider()->wait();
    
    $upload = new Signature(
        $credentials->getAccessKeyId(),
        $credentials->getSecretKey(),
        "YOUR_S3_BUCKET",
        "eu-west-1"
    );
    

    [END EDIT]

    The simplest answer if you are using a credentials file is to open ~/.aws/credentials in a text editor and extract them. Otherwise follow the details below.

    See the bottom for the actual answer on how to extract your access key once you have them loaded.

    The following example will create a DynamoDB client using credentials stored in ~/.aws/credentials (normally created by the AWS CLI) from the profile named 'project1':

    $client = new DynamoDbClient([
        'profile' => 'project1',
        'region'  => 'us-west-2',
        'version' => 'latest'
    ]);
    

    However, usually you will want the SDK to locate your credentials automatically. The AWS SDK will search for your credentials in the following order (not all cases included):

    1. Environment Variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, etc.)
    2. In the default profile section of ~/.aws/credentials
    3. EC2 IAM Role

    Normally just use this example and let the SDK find the credentials for you:

    use Aws\Credentials\CredentialProvider;
    use Aws\S3\S3Client;
    
    // Use the default credential provider
    $provider = CredentialProvider::defaultProvider();
    
    // Pass the provider to the client
    $client = new S3Client([
        'region'      => 'us-west-2',
        'version'     => '2006-03-01',
        'credentials' => $provider
    ]);
    

    The SDK has a number of credential providers so that you can control exactly where your credentials are coming from.

    PHP Class CredentialProvider

    One item is that you mention Access Token. This means that you are using STS Assume Role type of access. The PHP SDK supports this also. Just dig into the documentation for STS:

    PHP STS Client

    Once you have loaded your credentials into a provider you can use the class Credentials to extract the three components (AccessKeyId, AcessKeySecret, SecurityToken):

    PHP Class Credentials

    展开全部

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
编辑
预览

报告相同问题?

问题事件

  • 专家修改了标签 8月18日

悬赏问题

  • ¥100 二维码被拦截如何处理
  • ¥15 怎么解决LogIn.vue中多出来的div
  • ¥15 优博讯dt50巴枪怎么提取镜像
  • ¥30 在CodBlock上用c++语言运行
  • ¥15 求C6748 IIC EEPROM程序固化烧写算法
  • ¥50 关于#php#的问题,请各位专家解答!
  • ¥15 python 3.8.0版本,安装官方库ibm_db遇到问题,提示找不到ibm_db模块。如何解决?
  • ¥15 TMUXHS4412如何防止静电,
  • ¥30 Metashape软件中如何将建模后的图像中的植被与庄稼点云删除
  • ¥20 机械振动学课后习题求解答
手机看
程序员都在用的中文IT技术交流社区

程序员都在用的中文IT技术交流社区

专业的中文 IT 技术社区,与千万技术人共成长

专业的中文 IT 技术社区,与千万技术人共成长

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

关注【CSDN】视频号,行业资讯、技术分享精彩不断,直播好礼送不停!

客服 返回
顶部