/**
 * Requests temporary security credentials (access key ID, secret access key
 * and session token) for a role via STS AssumeRole, typically for
 * cross-account access or federation.
 *
 * The required arguments are always sent; each optional argument is added to
 * the request only when it is not null. The request is forwarded unchanged to
 * the wrapped client.
 *
 * Security notes:
 *  - The result carries a secret access key and a session token. Treat the
 *    return value as secret material and keep it out of logs and error output.
 *  - $policy is a session policy: it can narrow what the role allows for this
 *    session, it cannot grant more than the role already has.
 *  - $externalId is the condition value a third party presents so that a role
 *    trust policy can tell its customers apart (confused-deputy protection).
 *  - $serialNumber and $tokenCode belong together; this method does not check
 *    that both are supplied, so a role that requires MFA is rejected by STS
 *    when one of them is missing.
 *
 * @param string       $roleArn         The Amazon Resource Name (ARN) of the role that the caller is assuming.
 * @param string       $roleSessionName An identifier for the assumed role session. It is included as part of the AssumedRoleUser.
 * @param string|null  $policy          An IAM policy in JSON format.
 * @param integer      $durationSeconds The duration, in seconds, of the role session, from 900 seconds (15 minutes) to 3600 seconds (1 hour).
 *                                      NOTE(review): the upper bound is also subject to the role's configured maximum session duration; confirm against current STS documentation.
 * @param string|null  $externalId      A unique identifier that is used by third parties to assume a role in their customers' accounts.
 * @param string|null  $serialNumber    The identification number of the MFA device associated with the user making the AssumeRole call.
 * @param string|null  $tokenCode       The value provided by the MFA device, if the trust policy of the role being assumed requires MFA.
 *
 * @return Guzzle\Service\Resource\Model NOTE(review): the concrete type depends on the SDK version behind $this->client; confirm.
 *
 * @see http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Sts.StsClient.html#_assumeRole
 */
public function assumeRole($roleArn, $roleSessionName, $policy = null, $durationSeconds = 3600, $externalId = null, $serialNumber = null, $tokenCode = null)
{
    // Arguments that are part of every request.
    $request = [
        'RoleArn' => $roleArn,
        'RoleSessionName' => $roleSessionName,
        'DurationSeconds' => $durationSeconds,
    ];

    // Optional arguments, listed in the order they are appended to the request.
    $optional = [
        'Policy' => $policy,
        'ExternalId' => $externalId,
        'SerialNumber' => $serialNumber,
        'TokenCode' => $tokenCode,
    ];

    foreach ($optional as $key => $value) {
        // Only null means "not supplied"; any other value is sent as given.
        if ($value !== null) {
            $request[$key] = $value;
        }
    }

    return $this->client->assumeRole($request);
}
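/**
 * Assumes the role described by $role and returns the resulting temporary
 * credentials.
 *
 * The role ARN is built by substituting $role['account'] and $role['role']
 * into self::ROLE_ARN. Both keys are required: the parameter default is an
 * empty array, which would otherwise be formatted into a malformed ARN, so
 * the call is rejected before any STS client is created.
 *
 * Security notes:
 *  - The returned value contains a secret access key and a session token;
 *    keep it out of logs and error output.
 *  - The session name is the fixed string 'aws-commands', so sessions opened
 *    through this method share one name in the audit trail and cannot be told
 *    apart by session name alone.
 *  - No DurationSeconds is sent, so the session lifetime is whatever STS
 *    applies by default.
 *
 * @param array $role Must contain the keys 'account' and 'role'.
 *
 * @return array The 'Credentials' entry of the AssumeRole result.
 *               NOTE(review): search() may yield null when the key is absent; confirm callers handle that.
 *
 * @throws \InvalidArgumentException When 'account' or 'role' is missing or null.
 */
protected function getCredentials($role = [])
{
    // Fail fast instead of formatting missing values into the role ARN.
    if (!isset($role['account'], $role['role'])) {
        throw new \InvalidArgumentException('getCredentials() requires the "account" and "role" keys.');
    }

    $roleArn = sprintf(self::ROLE_ARN, $role['account'], $role['role']);

    // The client is pinned to us-east-1 and the latest API version.
    $sts = new StsClient(['version' => 'latest', 'region' => 'us-east-1']);

    $result = $sts->assumeRole([
        'RoleArn' => $roleArn,
        'RoleSessionName' => 'aws-commands',
    ]);

    return $result->search('Credentials');
}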