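/**
 * Fetches and caches EC2 instance profile credentials. This is meant to be used by the constructor, and is not to
 * be manually invoked.
 *
 * Two plain GET requests are made to the link-local metadata endpoint: the first returns the instance profile
 * name, the second returns the JSON credential document for that profile. No metadata session token is requested
 * or sent, i.e. this is the IMDSv1 request style. On instances configured to require IMDSv2 these requests are
 * rejected and this method ends in the exception below. IMDSv2 session tokens are also the hardening against
 * credential disclosure through request-forwarding flaws, so moving this lookup to IMDSv2 is worth considering.
 *
 * The returned array contains live secrets (secret key and session token).
 * NOTE(review): how $cache persists the value is not visible here -- confirm the backing store is not readable
 * by other local users or processes.
 *
 * @param CacheCore $cache (Required) A reference to the cache object that is being used to handle the caching.
 * @param array $options (Required) The options that were passed into the constructor. The optional
 * 	<code>instance_profile_timeout</code> key sets the connect timeout in seconds (default 2).
 * @return array The data to be cached, with the keys <code>key</code>, <code>secret</code>, <code>token</code>
 * 	and <code>expires</code>.
 * @throws CFCredentials_Exception If the metadata service is unreachable, answers with a non-OK status, or
 * 	returns a credential document that is malformed or incomplete.
 */
public function cache_instance_profile_credentials($cache, $options)
{
    $instance_profile_url = 'http://169.254.169.254/latest/meta-data/iam/security-credentials/';
    $connect_timeout = isset($options['instance_profile_timeout']) ? $options['instance_profile_timeout'] : 2;

    try
    {
        // Make a call to the EC2 Metadata Service to find the available instance profile.
        // NOTE(review): only the connect phase is bounded; a peer that accepts the connection and then stalls
        // is not covered by CURLOPT_CONNECTTIMEOUT. Consider also bounding the total transfer time.
        $request = new RequestCore($instance_profile_url);
        $request->set_curlopts(array(CURLOPT_CONNECTTIMEOUT => $connect_timeout));
        $response = $request->send_request(true);

        if ($response->isOK())
        {
            // Get the instance profile name. Stray whitespace is stripped before the name becomes part of the
            // next URL, and an empty name is rejected so the listing URL is not simply requested a second time.
            $profile = trim((string) $response->body);

            if ($profile !== '')
            {
                // Make a call to the EC2 Metadata Service to get the instance profile credentials
                $request = new RequestCore($instance_profile_url . $profile);
                $request->set_curlopts(array(CURLOPT_CONNECTTIMEOUT => $connect_timeout));
                $response = $request->send_request(true);

                if ($response->isOK())
                {
                    // Get the credentials. json_decode() yields NULL for a body that is not valid JSON, so the
                    // shape is checked before any key is read; a partial document is treated as a failure
                    // rather than cached with missing fields.
                    $credentials = json_decode($response->body, true);

                    $is_complete = is_array($credentials) && isset(
                        $credentials['Code'],
                        $credentials['AccessKeyId'],
                        $credentials['SecretAccessKey'],
                        $credentials['Token'],
                        $credentials['Expiration']
                    );

                    if ($is_complete && $credentials['Code'] === 'Success')
                    {
                        // Determine the expiration time. strtotime() returns FALSE for an unparseable
                        // timestamp; without this check that would become a large negative cache lifetime.
                        $expiration_time = strtotime((string) $credentials['Expiration']);

                        if ($expiration_time !== false)
                        {
                            // Expire the cache entry at 85% of the remaining lifetime so that the
                            // credentials are refreshed before they actually lapse.
                            $expiration_duration = round(($expiration_time - time()) * 0.85);
                            $cache->expire_in($expiration_duration);

                            // Return the credential information
                            return array(
                                'key' => $credentials['AccessKeyId'],
                                'secret' => $credentials['SecretAccessKey'],
                                'token' => $credentials['Token'],
                                'expires' => $credentials['Expiration']
                            );
                        }
                    }
                }
            }
        }
    }
    catch (cURL_Exception $e)
    {
        // The EC2 Metadata Service does not exist or had timed out.
        // An exception will be thrown on the next line.
    }

    // Every failure path (transport error, non-OK status, malformed or incomplete document) ends here.
    // @codeCoverageIgnoreStart
    throw new CFCredentials_Exception('No credentials were provided. The SDK attempted to retrieve Instance '
        . 'Profile credentials from the EC2 Instance Metadata Service, but failed to do so. Instance profile '
        . 'credentials are only accessible on EC2 instances configured with a specific IAM role.');
    // @codeCoverageIgnoreEnd
}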
/**
 * Fetches and caches STS credentials. This is meant to be used by the constructor, and is not to be
 * manually invoked.
 *
 * A session token is requested through AmazonSTS using the constructor options. On success the cache entry
 * is set to expire at 85% of the time remaining until the credentials' own expiration, so they are
 * refreshed before they lapse.
 *
 * The returned array contains live secrets (secret key and session token).
 * NOTE(review): how $cache persists the value is not visible here -- confirm the backing store is not readable
 * by other local users or processes.
 *
 * @param CacheCore $cache (Required) A reference to the cache object that is being used to handle the caching.
 * @param array $options (Required) The options that were passed into the constructor.
 * @return mixed The data to be cached (an array with the keys <code>key</code>, <code>secret</code>,
 * 	<code>token</code> and <code>expires</code>), or NULL when the STS response is not OK.
 */
public function cache_sts_credentials($cache, $options)
{
    $sts = new AmazonSTS($options);
    $response = $sts->get_session_token();

    // Nothing to cache when STS did not answer successfully.
    if (!$response->isOK())
    {
        return null;
    }

    $sts_credentials = $response->body->GetSessionTokenResult->Credentials;
    $expires = (string) $sts_credentials->Expiration;

    // Update the expiration: keep the entry for 85% of the remaining credential lifetime.
    $seconds_remaining = strtotime($expires) - time();
    $cache->expire_in(round($seconds_remaining * 0.85));

    // Return the important data
    return array(
        'key' => (string) $sts_credentials->AccessKeyId,
        'secret' => (string) $sts_credentials->SecretAccessKey,
        'token' => (string) $sts_credentials->SessionToken,
        'expires' => $expires
    );
}