Installation guide
Note
Temporary credentials generated by AWS STS are not supported by every service. Please check if the service
you are using supports temporary credentials by reading AWS Services that Support AWS STS.
Getting temporary credentials
AWS STS has several operations that return temporary credentials, but the GetSessionToken operation is the
simplest for demonstration purposes. Assuming you have an instance of Aws\Sts\StsClient stored in the
$stsClient variable, this is how you call it:
$result = $stsClient->getSessionToken();
The result for GetSessionToken and the other AWS STS operations always contains a 'Credentials' value.
If you print the result (e.g., print_r($result)), it looks like the following:
Array
(
...
[Credentials] => Array
(
[SessionToken] => '<base64 encoded session token value>'
[SecretAccessKey] => '<temporary secret access key value>'
[Expiration] => 2013-11-01T01:57:52Z
[AccessKeyId] => '<temporary access key value>'
)
...
)
Providing temporary credentials to the SDK
You can use temporary credentials with another AWS client by instantiating the client and passing in the values
received from AWS STS directly.
use Aws\S3\S3Client;
$result = $stsClient->getSessionToken();
$s3Client = S3Client::factory(array(
'key' => $result['Credentials']['AccessKeyId'],
'secret' => $result['Credentials']['SecretAccessKey'],
'token' => $result['Credentials']['SessionToken'],
));
You can also construct a Credentials object and use that when instantiating the client.
use Aws\Common\Credentials\Credentials;
use Aws\S3\S3Client;
$result = $stsClient->getSessionToken();
$credentials = new Credentials(
$result['Credentials']['AccessKeyId'],
$result['Credentials']['SecretAccessKey'],
$result['Credentials']['SessionToken']
);
$s3Client = S3Client::factory(array('credentials' => $credentials));
Providing Credentials to the SDK
24