/**
 * AssumeRoleWithWebIdentity requests must leave the client unsigned.
 *
 * factory() is called with no configuration, a canned 200 response is queued,
 * and the prepared request is inspected after execution to confirm that no
 * Authorization header was attached.
 */
public function testThatAssumeRoleWithWebIdentityRequestsDoNotGetSigned()
{
    $sts = StsClient::factory();

    // Queue a canned response on the mock plugin before the command runs.
    $responses = new MockPlugin();
    $responses->addResponse(new Response(200));
    $sts->addSubscriber($responses);

    $params = array(
        'RoleArn'          => 'xxxxxxxxxxxxxxxxxxxxxx',
        'RoleSessionName'  => 'xx',
        'WebIdentityToken' => 'xxxx',
    );
    $operation = $sts->getCommand('AssumeRoleWithWebIdentity', $params);

    // Keep a handle on the prepared request so it can be checked once the command has executed.
    $httpRequest = $operation->prepare();
    $operation->execute();

    // A signed request would carry an Authorization header.
    $this->assertFalse($httpRequest->hasHeader('Authorization'));
}
/**
 * The factory must wire up credentials, base URL, signer and service description.
 */
public function testFactoryInitializesClient()
{
    $options = array('key' => 'foo', 'secret' => 'bar', 'region' => 'us-west-1');
    $sts = StsClient::factory($options);

    $this->assertInstanceOf('Aws\\Common\\Credentials\\Credentials', $sts->getCredentials());

    // Although 'us-west-1' is configured, the expected base URL carries no region.
    $this->assertEquals('https://sts.amazonaws.com', $sts->getBaseUrl());

    // The signer is not exposed through a getter, so it is read from the 'signature' attribute.
    $signer = $this->readAttribute($sts, 'signature');
    $this->assertInstanceOf('Aws\\Common\\Signature\\SignatureV4', $signer);

    $description = $sts->getDescription();
    $this->assertTrue($description->hasOperation('GetSessionToken'));
}
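/**
 * Builds the client, filling in defaults for options the caller omitted.
 *
 * - 'version' defaults to "2011-06-15".
 * - 'endpoint' is derived from 'region' when a region is given without an endpoint.
 *
 * @param array $args Client options; passed on to the parent constructor.
 *
 * @throws \InvalidArgumentException If 'region' cannot be used as a single DNS host label.
 */
public function __construct(array $args)
{
    if (!isset($args['version'])) {
        $args['version'] = "2011-06-15";
    }

    if (!isset($args['endpoint']) && isset($args['region'])) {
        $region = $args['region'];

        // The region becomes part of the hostname that requests are sent to.
        // Accept only a single DNS label, so that a value containing dots,
        // slashes or other URL syntax cannot change which host is contacted.
        $isHostLabel = is_string($region)
            && preg_match('/^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/D', $region) === 1;
        if (!$isHostLabel) {
            throw new \InvalidArgumentException("'region' must be a valid host label, e.g. \"us-east-1\".");
        }

        // NOTE(review): the DNS suffix is fixed to amazonaws.com; regions served
        // under another suffix need an explicit 'endpoint' from the caller.
        $args['endpoint'] = sprintf("https://sts.%s.amazonaws.com", $region);
    }

    parent::__construct($args);
}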
/**
 * Requests temporary credentials for an AWS account or IAM user by calling
 * GetSessionToken on the wrapped client.
 *
 * @param integer $durationSeconds How long, in seconds, the credentials should remain valid.
 * @param string  $serialNumber    Identification number of the MFA device associated with the
 *                                 IAM user making the call; left out of the request when null.
 * @param string  $tokenCode       Value provided by the MFA device, if MFA is required;
 *                                 left out of the request when null.
 *
 * @return Guzzle\Service\Resource\Model
 *
 * @see http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Sts.StsClient.html#_getSessionToken
 */
public function getSessionToken($durationSeconds = 43200, $serialNumber = null, $tokenCode = null)
{
    // Forward only the MFA fields the caller actually supplied.
    $mfaFields = array_filter(
        ['SerialNumber' => $serialNumber, 'TokenCode' => $tokenCode],
        function ($value) {
            return $value !== null;
        }
    );

    // Array union keeps DurationSeconds first, followed by any MFA fields.
    $request = ['DurationSeconds' => $durationSeconds] + $mfaFields;

    return $this->client->getSessionToken($request);
}
/**
 * Clients that do not need a region must be creatable from key and secret alone.
 */
public function testCanInstantiateRegionlessClientsWithoutParameters()
{
    $config = array('key' => 'foo', 'secret' => 'bar');

    // All of the clients that do not require a region, in instantiation order.
    $regionlessClients = array(
        'Aws\S3\S3Client',
        'Aws\CloudFront\CloudFrontClient',
        'Aws\Route53\Route53Client',
        'Aws\Sts\StsClient',
    );

    try {
        foreach ($regionlessClients as $clientClass) {
            $clientClass::factory($config);
        }
    } catch (\InvalidArgumentException $e) {
        $this->fail('All of the above clients should have been instantiated without errors: ' . $e->getMessage());
    }
}
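<?php
session_start();
require 'vendor/autoload.php';

use Aws\Sts\StsClient;
use Aws\S3\S3Client;
use Aws\Common\Credentials;

// Directory (key prefix) in the S3 bucket; it can be unique for each customer.
$s3dir = $customer_id = "user_1";

// This prefix is the only boundary between one customer's objects and another's.
// IAM treats "*" and "?" inside a resource ARN as wildcards, and "/" changes the
// path, so the value is restricted to a conservative character set before it is
// placed in the policy. This matters as soon as it stops being a constant.
if (!preg_match('/^[A-Za-z0-9_-]+$/D', $s3dir)) {
    throw new InvalidArgumentException('Customer directory contains characters that are not allowed in the policy resource.');
}

// S3 and S3 access settings:
$Bucket = '<Bucket Name>';
$RoleArn = '<Role ARN>';

// Placeholders only. Real long-term keys belong in the environment or another
// secret store, not in the source file.
$auth = array('key' => '<AccessKey>', 'secret' => '<SecretKey>');

// The STS client is required to create temporary credentials for the user (customer).
$sts = StsClient::factory($auth);

// Personalized policy for the customer using the service. Despite the Sid, the
// only action granted is s3:GetObject, limited to the customer's own folder.
// json_encode() builds the document so that quoting is never done by hand.
$Policy = json_encode(array(
    'Version' => '2012-10-17',
    'Statement' => array(
        array(
            'Sid' => 'AllowAllS3ActionsInUserFolder',
            'Effect' => 'Allow',
            'Action' => array('s3:GetObject'),
            'Resource' => array('arn:aws:s3:::' . $Bucket . '/' . $s3dir . '/*'),
        ),
    ),
));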
/**
 * The factory must reject a configuration that carries a session 'token'
 * next to the key and secret.
 *
 * @expectedException \Aws\Common\Exception\InvalidArgumentException
 */
public function testRequiresLongTermCredentials()
{
    // The extra 'token' entry is what distinguishes this config from a long-term key pair.
    $configWithToken = array(
        'key'    => 'foo',
        'secret' => 'bar',
        'token'  => 'foo',
        'region' => 'us-west-1',
    );

    StsClient::factory($configWithToken);
}
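/**
 * Assumes the IAM role described by $role and returns the resulting credentials.
 *
 * @param array $role Must contain 'account' and 'role'; both are substituted into self::ROLE_ARN.
 * @return array The 'Credentials' entry of the AssumeRole result.
 * @throws \InvalidArgumentException If 'account' or 'role' is missing from $role.
 */
protected function getCredentials($role = [])
{
    // The default [] can never yield a usable ARN; fail before calling STS
    // instead of formatting an ARN from undefined indexes.
    if (!isset($role['account'], $role['role'])) {
        throw new \InvalidArgumentException("getCredentials() requires both 'account' and 'role'.");
    }

    $roleArn = sprintf(self::ROLE_ARN, $role['account'], $role['role']);

    // NOTE(review): no credentials are passed to the client here, so the caller's
    // identity presumably comes from the SDK's default lookup; confirm.
    $sts = new StsClient(['version' => 'latest', 'region' => 'us-east-1']);

    $result = $sts->assumeRole([
        'RoleArn' => $roleArn,
        'RoleSessionName' => 'aws-commands',
    ]);

    return $result->search('Credentials');
}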
/**
 * A call made with a dummy role, provider and token must be refused.
 *
 * @expectedException \Aws\Sts\Exception\StsException
 * @expectedExceptionMessage Not authorized to perform sts:AssumeRoleWithWebIdentity
 */
public function testFailsOnBadWebIdentity()
{
    // Session policy sent with the request: a single Deny statement.
    $denyStatement = array(
        'Effect'   => 'Deny',
        'Action'   => 's3:GetObject',
        'Resource' => 'arn:aws:s3:::mybucket/dummy/*',
    );
    $sessionPolicy = json_encode(array('Statement' => array($denyStatement)));

    $params = array(
        'RoleArn'          => 'arn:aws:iam::123123123123:role/DummyRole.',
        'RoleSessionName'  => 'dummy-session-name',
        'WebIdentityToken' => 'dummy-oauth-token',
        'ProviderId'       => 'dummy-provider-name',
        'Policy'           => $sessionPolicy,
    );

    $this->client->assumeRoleWithWebIdentity($params);
}
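<?php
require 'vendor/autoload.php';

use Aws\Sts\StsClient;
use Aws\S3\S3Client;

// Long-term keys are read from the environment instead of being written into
// the source. A key pair that has ever appeared in a source file should be
// treated as exposed: deactivate it and issue a new one.
$accessKey = getenv('AWS_ACCESS_KEY_ID');
$secretKey = getenv('AWS_SECRET_ACCESS_KEY');
if ($accessKey === false || $secretKey === false) {
    throw new RuntimeException('AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set in the environment.');
}

define("AWS_ACCESS_KEY", $accessKey);
define("AWS_SECRET_KEY", $secretKey);
define("S3_EUROPE_BUCKET", "adbestkdev-priv-ire");

try {
    $config = array('key' => AWS_ACCESS_KEY, 'secret' => AWS_SECRET_KEY, 'region' => "eu-west-1");
    $sts = StsClient::factory($config);

    /*
     * Disabled alternative: federation token scoped by an inline policy.
     * NOTE(review): 's:ListBucket' below looks like a typo of 's3:ListBucket'.
     *
     * $result = $sts->getFederationToken(array(
     *     'Name' => 'User1',
     *     'DurationSeconds' => 3600,
     *     'Policy' => json_encode(array(
     *         'Statement' => array(
     *             array(
     *                 'Sid' => 'randomstatementid' . time(),
     *                 'Action' => array('s3:ListBucket','s:ListBucket'),
     *                 'Effect' => 'Allow',
     *                 'Resource' => 'arn:aws:s3:::'.S3_EUROPE_BUCKET
     *             )
     *         )
     *     ))
     * ));
     * $credentials = $result->get('Credentials');
     */

    // Session token for the calling identity; no inline policy is passed here.
    $credentials = $sts->getSessionToken()->get('Credentials');

    // NOTE(review): this writes the temporary key, secret and session token into
    // the HTTP response, where page readers, caches and logs can capture them.
    // Keep this output to local debugging only.
    echo $credentials['AccessKeyId'] . "<br>";
    echo urlencode($credentials['SecretAccessKey']) . "<br><br>";
    echo $credentials['SessionToken'] . "<br><br>";
    // (The listing is cut off here; the try block continues beyond this excerpt.)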