如何使用aws php sdk的AmazonSTS?

时间:2012-10-09 22:35:27

标签: php sdk amazon-web-services

我正在尝试使用aws sdk for php为用户创建临时凭证。从我可以收集的内容来看,应该只是通过IAM为我的sdk用户添加sts策略:

{
  "Statement": [
    {
      "Sid": "Stmt1349820612345",
      "Action": "sts:*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

然后实例化sts类,如示例所示:

  // Instantiate the class
  $token = new AmazonSTS();

// Generate a new IAM policy
  $policy = new CFPolicy($token, array(
    'Statement' => array(
      array(
        'Sid' => 'SID' . time(),
        'Action' => array(
          's3:ListBucket'
        ),
        'Effect' => 'Allow',
        'Resource' => 'arn:aws:s3:::my-bucket'
      )
    )
  ));

// Fetch the session credentials
  $response = $token->get_federation_token('my-user', array(
    'Policy' => $policy->get_json(),
    'DurationSeconds' => 3600
  ));

  $credentials = $response->body->GetFederatedTokenResult->Credentials
    ->to_array()->getArrayCopy();
  return $credentials;

使用常规临时凭证令牌时,它可以正常工作:

$token = new AmazonSTS();
$response = $token->get_session_token();

$credentials = $response->body->GetSessionTokenResult->Credentials->to_array()->getArrayCopy();

有没有人有这方面的实例,或者可以看到我哪里出错了?

1 个答案:

答案 0 :(得分:1)

最后found this in the s3 docs有效

  $AccessKeyId = (string)$response->
    body->GetFederationTokenResult->Credentials->AccessKeyId;
  $SecretAccessKey = (string)$response->
    body->GetFederationTokenResult->Credentials->SecretAccessKey;
  $SessionToken = (string)$response->
    body->GetFederationTokenResult->Credentials->SessionToken;

所以这是有效的

$credentials = $response->body->GetFederationTokenResult->Credentials->to_array()->getArrayCopy();
相关问题
最新问题