assumeRole provider - Amazon SDK for PHP
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

assumeRole provider

If you use Aws\Credentials\AssumeRoleCredentialProvider to create credentials by assuming a role, you need to provide 'client' information with an StsClient object and 'assume_role_params' details, as shown.

Note

To avoid unnecessarily fetching Amazon STS credentials on every API operation, you can use the memoize function to handle automatically refreshing the credentials when they expire. See the following code for an example.

use Aws\Credentials\CredentialProvider; use Aws\Credentials\InstanceProfileProvider; use Aws\Credentials\AssumeRoleCredentialProvider; use Aws\S3\S3Client; use Aws\Sts\StsClient; // Passing Aws\Credentials\AssumeRoleCredentialProvider options directly $profile = new InstanceProfileProvider(); $ARN = "arn:aws:iam::123456789012:role/xaccounts3access"; $sessionName = "s3-access-example"; $assumeRoleCredentials = new AssumeRoleCredentialProvider([ 'client' => new StsClient([ 'region' => 'us-east-2', 'version' => '2011-06-15', 'credentials' => $profile ]), 'assume_role_params' => [ 'RoleArn' => $ARN, 'RoleSessionName' => $sessionName, ], ]); // To avoid unnecessarily fetching STS credentials on every API operation, // the memoize function handles automatically refreshing the credentials when they expire $provider = CredentialProvider::memoize($assumeRoleCredentials); $client = new S3Client([ 'region' => 'us-east-2', 'version' => '2006-03-01', 'credentials' => $provider ]);

For more information regarding 'assume_role_params', see AssumeRole.