1

我正在尝试使用 aws sdk for php 为用户创建临时凭据。据我所知,这应该只是通过 IAM 为我的 sdk 用户添加 sts 策略的情况:

{
  "Statement": [
    {
      "Sid": "Stmt1349820612345",
      "Action": "sts:*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

然后实例化 sts 类,如示例所示:

  // Instantiate the class
  $token = new AmazonSTS();

// Generate a new IAM policy
  $policy = new CFPolicy($token, array(
    'Statement' => array(
      array(
        'Sid' => 'SID' . time(),
        'Action' => array(
          's3:ListBucket'
        ),
        'Effect' => 'Allow',
        'Resource' => 'arn:aws:s3:::my-bucket'
      )
    )
  ));

// Fetch the session credentials
  $response = $token->get_federation_token('my-user', array(
    'Policy' => $policy->get_json(),
    'DurationSeconds' => 3600
  ));

  $credentials = $response->body->GetFederatedTokenResult->Credentials
    ->to_array()->getArrayCopy();
  return $credentials;

当我使用常规临时凭证令牌时它工作正常:

$token = new AmazonSTS();
$response = $token->get_session_token();

$credentials = $response->body->GetSessionTokenResult->Credentials->to_array()->getArrayCopy();

有没有人有一个可行的例子或者可以看到我哪里出错了?

4

1 回答 1

1

终于在有效的 s3 文档中找到了这个

  $AccessKeyId = (string)$response->
    body->GetFederationTokenResult->Credentials->AccessKeyId;
  $SecretAccessKey = (string)$response->
    body->GetFederationTokenResult->Credentials->SecretAccessKey;
  $SessionToken = (string)$response->
    body->GetFederationTokenResult->Credentials->SessionToken;

所以这行得通

$credentials = $response->body->GetFederationTokenResult->Credentials->to_array()->getArrayCopy();
于 2012-10-10T00:03:37.987 回答