public function testThatAssumeRoleWithWebIdentityRequestsDoNotGetSigned()
{
$client = StsClient::factory();
$mock = new MockPlugin();
$mock->addResponse(new Response(200));
$client->addSubscriber($mock);
$command = $client->getCommand('AssumeRoleWithWebIdentity', array('RoleArn' => 'xxxxxxxxxxxxxxxxxxxxxx', 'RoleSessionName' => 'xx', 'WebIdentityToken' => 'xxxx'));
$request = $command->prepare();
$command->execute();
$this->assertFalse($request->hasHeader('Authorization'));
}
public function testFactoryInitializesClient()
{
$client = StsClient::factory(array('key' => 'foo', 'secret' => 'bar', 'region' => 'us-west-1'));
$this->assertInstanceOf('Aws\\Common\\Credentials\\Credentials', $client->getCredentials());
$this->assertEquals('https://sts.amazonaws.com', $client->getBaseUrl());
$this->assertInstanceOf('Aws\\Common\\Signature\\SignatureV4', $this->readAttribute($client, 'signature'));
$this->assertTrue($client->getDescription()->hasOperation('GetSessionToken'));
}
public function testCanInstantiateRegionlessClientsWithoutParameters()
{
$config = array('key' => 'foo', 'secret' => 'bar');
try {
// Instantiate all of the clients that do not require a region
\Aws\S3\S3Client::factory($config);
\Aws\CloudFront\CloudFrontClient::factory($config);
\Aws\Route53\Route53Client::factory($config);
\Aws\Sts\StsClient::factory($config);
} catch (\InvalidArgumentException $e) {
$this->fail('All of the above clients should have been instantiated without errors: ' . $e->getMessage());
}
}
<?php
session_start();
require 'vendor/autoload.php';
use Aws\Sts\StsClient;
use Aws\S3\S3Client;
use Aws\Common\Credentials;
//directory name in the s3 bucket that can be unique for any customer
$s3dir = $customer_id = "user_1";
//S3 & accesso S3:
$Bucket = '<Bucket Name>';
$RoleArn = '<Role ARN>';
$auth = array('key' => '<AccessKey>', 'secret' => '<SecretKey>');
// Client STS is required to create temporary credentials for the user(customer)
$sts = StsClient::factory($auth);
//Let's define the personalized policy for the user(Customer that use the service):
$Policy = '{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAllS3ActionsInUserFolder",
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::' . $Bucket . '/' . $s3dir . '/*"
]
}
]
}';
/**
* @expectedException \Aws\Common\Exception\InvalidArgumentException
*/
public function testRequiresLongTermCredentials()
{
StsClient::factory(array('key' => 'foo', 'secret' => 'bar', 'token' => 'foo', 'region' => 'us-west-1'));
}
<?php
require 'vendor/autoload.php';
define("AWS_ACCESS_KEY", "AKIAIQ5G3H2ETTRQSUUQ");
define("AWS_SECRET_KEY", "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");
define("S3_EUROPE_BUCKET", "adbestkdev-priv-ire");
use Aws\Sts\StsClient;
use Aws\S3\S3Client;
try {
$config = array('key' => AWS_ACCESS_KEY, 'secret' => AWS_SECRET_KEY, 'region' => "eu-west-1");
$sts = StsClient::factory($config);
/*$result = $sts->getFederationToken(array(
'Name' => 'User1',
'DurationSeconds' => 3600,
'Policy' => json_encode(array(
'Statement' => array(
array(
'Sid' => 'randomstatementid' . time(),
'Action' => array('s3:ListBucket','s:ListBucket'),
'Effect' => 'Allow',
'Resource' => 'arn:aws:s3:::'.S3_EUROPE_BUCKET
)
)
))
));
$credentials = $result->get('Credentials');*/
$credentials = $sts->getSessionToken()->get('Credentials');
echo $credentials['AccessKeyId'] . "<br>";
echo urlencode($credentials['SecretAccessKey']) . "<br><br>";
echo $credentials['SessionToken'] . "<br><br>";
