Exemplo n.º 1
 /**
  * An AssumeRoleWithWebIdentity command built on a client created without
  * credentials must go out without an Authorization header.
  *
  * The HTTP layer is replaced by a mock plugin that answers with a bare 200,
  * so no network traffic is generated.
  */
 public function testThatAssumeRoleWithWebIdentityRequestsDoNotGetSigned()
 {
     $stsClient = StsClient::factory();

     // Queue a canned response so execute() never reaches the real service.
     $queuedResponses = new MockPlugin();
     $queuedResponses->addResponse(new Response(200));
     $stsClient->addSubscriber($queuedResponses);

     $params = array(
         'RoleArn' => 'xxxxxxxxxxxxxxxxxxxxxx',
         'RoleSessionName' => 'xx',
         'WebIdentityToken' => 'xxxx',
     );
     $command = $stsClient->getCommand('AssumeRoleWithWebIdentity', $params);

     // Keep a handle on the prepared request so it can be inspected after execution.
     $preparedRequest = $command->prepare();
     $command->execute();

     $this->assertFalse($preparedRequest->hasHeader('Authorization'));
 }
Exemplo n.º 2
 /**
  * The factory must produce a client that carries a credentials object, the
  * expected base URL, a SignatureV4 signer and a service description that
  * knows the GetSessionToken operation.
  */
 public function testFactoryInitializesClient()
 {
     $options = array('key' => 'foo', 'secret' => 'bar', 'region' => 'us-west-1');
     $client = StsClient::factory($options);

     $this->assertInstanceOf('Aws\\Common\\Credentials\\Credentials', $client->getCredentials());

     // The asserted base URL has no region component although 'us-west-1' was configured.
     $this->assertEquals('https://sts.amazonaws.com', $client->getBaseUrl());

     // The signer is not exposed publicly, hence the attribute read.
     $signer = $this->readAttribute($client, 'signature');
     $this->assertInstanceOf('Aws\\Common\\Signature\\SignatureV4', $signer);

     $description = $client->getDescription();
     $this->assertTrue($description->hasOperation('GetSessionToken'));
 }
Exemplo n.º 3
 /**
  * Applies STS defaults to the option array, then delegates to the parent constructor.
  *
  * @param array $args Client options. 'version' falls back to "2011-06-15" when unset;
  *                    'endpoint' is derived from 'region' when only the region is set.
  */
 public function __construct(array $args)
 {
     $args['version'] = isset($args['version']) ? $args['version'] : "2011-06-15";

     // NOTE(review): the region is placed into the endpoint host name as-is. If the
     // option array can be influenced by untrusted input, restrict 'region' to known
     // region identifiers before it reaches this point, so requests cannot be pointed
     // at an unintended host.
     if (isset($args['region']) && !isset($args['endpoint'])) {
         $regionalEndpoint = sprintf("https://sts.%s.amazonaws.com", $args['region']);
         $args['endpoint'] = $regionalEndpoint;
     }

     parent::__construct($args);
 }
Exemplo n.º 4
 /**
  * Requests temporary credentials for an AWS account or IAM user via GetSessionToken.
  *
  * SerialNumber and TokenCode are only sent when a non-null value is supplied;
  * DurationSeconds is always sent.
  *
  * @param int         $durationSeconds Lifetime of the credentials in seconds (default 43200).
  * @param string|null $serialNumber    Identification number of the MFA device associated with
  *                                     the IAM user making the call.
  * @param string|null $tokenCode       Current value shown by the MFA device, if MFA is required.
  *
  * @return \Guzzle\Service\Resource\Model Result of the call; it carries secret credential
  *                                        material and should not be logged or echoed.
  *
  * @see http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Sts.StsClient.html#_getSessionToken
  */
 public function getSessionToken($durationSeconds = 43200, $serialNumber = null, $tokenCode = null)
 {
     // Keep only the MFA parameters that were actually provided.
     $mfaParams = array_filter(
         ['SerialNumber' => $serialNumber, 'TokenCode' => $tokenCode],
         function ($value) {
             return $value !== null;
         }
     );

     $request = ['DurationSeconds' => $durationSeconds] + $mfaParams;

     return $this->client->getSessionToken($request);
 }
Exemplo n.º 5
 /**
  * Clients that do not require a region must be constructible from a key and
  * secret alone; an InvalidArgumentException from any factory fails the test.
  */
 public function testCanInstantiateRegionlessClientsWithoutParameters()
 {
     $config = array('key' => 'foo', 'secret' => 'bar');

     // All of the clients that do not require a region, in instantiation order.
     $regionlessClients = array(
         'Aws\S3\S3Client',
         'Aws\CloudFront\CloudFrontClient',
         'Aws\Route53\Route53Client',
         'Aws\Sts\StsClient',
     );

     try {
         foreach ($regionlessClients as $clientClass) {
             $clientClass::factory($config);
         }
     } catch (\InvalidArgumentException $e) {
         $this->fail('All of the above clients should have been instantiated without errors: ' . $e->getMessage());
     }
 }
Exemplo n.º 6
<?php

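session_start();
require 'vendor/autoload.php';
use Aws\Sts\StsClient;
use Aws\S3\S3Client;
use Aws\Common\Credentials;

// Directory (key prefix) in the S3 bucket that is unique per customer.
$s3dir = $customer_id = "user_1";

// The prefix becomes part of an IAM policy Resource ARN, where "*" and "?" act as
// wildcards and "/" separates path segments. Reject anything outside a strict
// allowlist so a customer identifier can never widen the scope of the policy.
// Adjust the pattern to the real identifier format used by the application.
if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $s3dir)) {
    throw new InvalidArgumentException('Customer identifier is not a valid S3 prefix');
}

// S3 bucket and the role used for S3 access.
$Bucket = '<Bucket Name>';
$RoleArn = '<Role ARN>';

// Placeholders only. Real long-term keys belong in the environment, an instance
// role or a secrets store, never in a source file.
$auth = array('key' => '<AccessKey>', 'secret' => '<SecretKey>');

// The STS client is required to create temporary credentials for the user (customer).
$sts = StsClient::factory($auth);

// Per-customer session policy: read-only access (s3:GetObject) to the customer's
// own prefix. The Sid is only a label; the Action list defines what is granted.
// The document is built with json_encode() instead of string concatenation so that
// no value can break out of its JSON string and add statements to the policy.
$Policy = json_encode(array(
    'Version' => '2012-10-17',
    'Statement' => array(
        array(
            'Sid' => 'AllowAllS3ActionsInUserFolder',
            'Effect' => 'Allow',
            'Action' => array(
                's3:GetObject',
            ),
            'Resource' => array(
                'arn:aws:s3:::' . $Bucket . '/' . $s3dir . '/*',
            ),
        ),
    ),
));

// json_encode() returns false on failure; never continue with an empty policy.
if ($Policy === false) {
    throw new RuntimeException('Could not encode the session policy');
}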
Exemplo n.º 7
 /**
  * Building an STS client from credentials that include a session 'token'
  * is expected to be rejected with an InvalidArgumentException.
  *
  * @expectedException \Aws\Common\Exception\InvalidArgumentException
  */
 public function testRequiresLongTermCredentials()
 {
     // The 'token' entry marks these as temporary (session) credentials.
     $sessionCredentials = array(
         'key' => 'foo',
         'secret' => 'bar',
         'token' => 'foo',
         'region' => 'us-west-1',
     );

     StsClient::factory($sessionCredentials);
 }
Exemplo n.º 8
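 /**
  * Assumes the IAM role described by $role and returns its temporary credentials.
  *
  * @param array $role Must contain 'account' and 'role'; both are substituted
  *                    into self::ROLE_ARN to form the role ARN.
  * @return array The 'Credentials' element of the AssumeRole result. It holds secret
  *               material and should not be logged or persisted.
  * @throws \InvalidArgumentException When 'account' or 'role' is missing.
  */
 protected function getCredentials($role = [])
 {
     // The default value [] (or a partial array) would otherwise raise undefined-index
     // notices and send a malformed ARN to STS; fail early with a clear message instead.
     if (!isset($role['account'], $role['role'])) {
         throw new \InvalidArgumentException("Role definition must contain 'account' and 'role'");
     }

     $roleArn = sprintf(self::ROLE_ARN, $role['account'], $role['role']);

     $client = new StsClient(['version' => 'latest', 'region' => 'us-east-1']);

     // NOTE(review): the session name is a fixed string, so sessions created here
     // cannot be told apart by name; consider a per-caller name if that matters
     // for auditing.
     $result = $client->assumeRole([
         'RoleArn' => $roleArn,
         'RoleSessionName' => 'aws-commands',
     ]);

     return $result->search('Credentials');
 }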
Exemplo n.º 9
 /**
  * A dummy web identity token must be refused: the call is expected to end in an
  * StsException stating that sts:AssumeRoleWithWebIdentity is not authorized.
  *
  * @expectedException \Aws\Sts\Exception\StsException
  * @expectedExceptionMessage Not authorized to perform sts:AssumeRoleWithWebIdentity
  */
 public function testFailsOnBadWebIdentity()
 {
     // Session policy passed along with the request, encoded as JSON.
     $sessionPolicy = json_encode(array(
         'Statement' => array(
             array(
                 'Effect' => 'Deny',
                 'Action' => 's3:GetObject',
                 'Resource' => 'arn:aws:s3:::mybucket/dummy/*',
             ),
         ),
     ));

     $params = array(
         'RoleArn' => 'arn:aws:iam::123123123123:role/DummyRole.',
         'RoleSessionName' => 'dummy-session-name',
         'WebIdentityToken' => 'dummy-oauth-token',
         'ProviderId' => 'dummy-provider-name',
         'Policy' => $sessionPolicy,
     );

     $this->client->assumeRoleWithWebIdentity($params);
 }
<?php

require 'vendor/autoload.php';
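// Long-term AWS keys must not be stored in source code. They are read from the
// environment instead. The key pair that was previously hard-coded at this point
// has to be treated as exposed: deactivate it in IAM and issue a replacement.
$awsAccessKey = getenv('AWS_ACCESS_KEY_ID');
$awsSecretKey = getenv('AWS_SECRET_ACCESS_KEY');

// getenv() returns false for an unset variable; refuse to run with missing or empty keys.
if ($awsAccessKey === false || $awsAccessKey === '' || $awsSecretKey === false || $awsSecretKey === '') {
    throw new RuntimeException('AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set in the environment');
}

define("AWS_ACCESS_KEY", $awsAccessKey);
define("AWS_SECRET_KEY", $awsSecretKey);
define("S3_EUROPE_BUCKET", "adbestkdev-priv-ire");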
use Aws\Sts\StsClient;
use Aws\S3\S3Client;
try {
    $config = array('key' => AWS_ACCESS_KEY, 'secret' => AWS_SECRET_KEY, 'region' => "eu-west-1");
    $sts = StsClient::factory($config);
    /*$result = $sts->getFederationToken(array(
            'Name'            => 'User1',
            'DurationSeconds' => 3600,
            'Policy'          => json_encode(array(
                'Statement' => array(
                    array(
                        'Sid'      => 'randomstatementid' . time(),
                        'Action'   => array('s3:ListBucket','s:ListBucket'),
                        'Effect'   => 'Allow',
                        'Resource' => 'arn:aws:s3:::'.S3_EUROPE_BUCKET
                    )
                )
            ))
        ));
    
        $credentials = $result->get('Credentials');*/
    $credentials = $sts->getSessionToken()->get('Credentials');
    echo $credentials['AccessKeyId'] . "<br>";
    echo urlencode($credentials['SecretAccessKey']) . "<br><br>";
    echo $credentials['SessionToken'] . "<br><br>";