Beispiel #1
 /**
  * Requests a set of temporary security credentials (an access key ID, a secret
  * access key, and a security token) by forwarding an AssumeRole call to the
  * wrapped client. Typically used for cross-account access or federation.
  *
  * Nothing is validated here: every argument is passed to the client as given,
  * and the optional ones are left out of the request when they are null.
  * The returned model carries the secret access key and the security token, so
  * callers should treat it as secret material and keep it out of logs.
  *
  * @param string  $roleArn         The Amazon Resource Name (ARN) of the role that the caller is assuming.
  * @param string  $roleSessionName An identifier for the assumed role session. The session name is included as part of the AssumedRoleUser.
  * @param string  $policy          An IAM policy in JSON format. Sent as 'Policy' only when not null.
  * @param integer $durationSeconds The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) to 3600 seconds (1 hour); the range is not checked by this method.
  * @param string  $externalId      A unique identifier that is used by third parties to assume a role in their customers' accounts. It only protects against a confused deputy if the role's trust policy requires it.
  * @param string  $serialNumber    The identification number of the MFA device that is associated with the user who is making the AssumeRole call.
  * @param string  $tokenCode       The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. Forwarded independently of $serialNumber.
  *
  * @return Guzzle\Service\Resource\Model
  *
  * @see http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Sts.StsClient.html#_assumeRole
  */
 public function assumeRole($roleArn, $roleSessionName, $policy = null, $durationSeconds = 3600, $externalId = null, $serialNumber = null, $tokenCode = null)
 {
     // Members that are always part of the request.
     $request = [
         'RoleArn' => $roleArn,
         'RoleSessionName' => $roleSessionName,
         'DurationSeconds' => $durationSeconds,
     ];

     // Optional members, listed in the order they are appended; null means "omit".
     $optional = [
         'Policy' => $policy,
         'ExternalId' => $externalId,
         'SerialNumber' => $serialNumber,
         'TokenCode' => $tokenCode,
     ];

     foreach ($optional as $member => $value) {
         if ($value === null) {
             continue;
         }
         $request[$member] = $value;
     }

     return $this->client->assumeRole($request);
 }
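 /**
  * Assumes the role described by $role and returns the 'Credentials' entry of
  * the AssumeRole response.
  *
  * The role ARN is built by substituting $role['account'] and $role['role'] into
  * self::ROLE_ARN, so these two values decide which account and role are
  * assumed. They should come from trusted configuration, not from request data.
  *
  * The returned credentials are secret material (the response is expected to
  * hold the secret access key and session token); do not log or persist them.
  *
  * @param array $role Must contain non-empty 'account' and 'role' entries.
  *
  * @return array
  *
  * @throws \InvalidArgumentException When 'account' or 'role' is missing or empty.
  */
 protected function getCredentials($role = [])
 {
     // The [] default is kept for signature compatibility, but it can never
     // produce a usable ARN: fail here instead of sending a malformed one to STS.
     foreach (['account', 'role'] as $key) {
         if (!isset($role[$key]) || !is_scalar($role[$key]) || trim((string) $role[$key]) === '') {
             throw new \InvalidArgumentException(sprintf('Role definition is missing a non-empty "%s" entry.', $key));
         }
     }

     $roleArn = sprintf(self::ROLE_ARN, $role['account'], $role['role']);

     // Region and session name are fixed; no ExternalId, MFA or session policy is sent.
     $c = new StsClient(['version' => 'latest', 'region' => 'us-east-1']);
     $result = $c->assumeRole(['RoleArn' => $roleArn, 'RoleSessionName' => 'aws-commands']);

     return $result->search('Credentials');
 }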