Using AWS Identity and Access Management.
*
* For more detailed information about using this service, go to Granting Temporary Access to Your AWS Resources, in
* Using AWS Identity and Access Management.
*
* For specific information about setting up signatures and authorization through the API, go to Making Query Requests in Using AWS Identity and
* Access Management.
*
* If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical
* documentation at http://aws.amazon.com/documentation/.
*
* We will refer to Amazon AWS Security Token Service using the abbreviated form STS, and to Amazon Identity and Access Management using the
* abbreviated form IAM. All copyrights and legal protections still apply.
*
* @version Tue Aug 23 12:52:18 PDT 2011
* @license See the included NOTICE.md file for complete information.
* @copyright See the included NOTICE.md file for complete information.
* @link http://aws.amazon.com/sts/ AWS Secure Token Service
* @link http://aws.amazon.com/documentation/sts/ AWS Secure Token Service documentation
*/
class AmazonSTS extends CFRuntime
{
    /*%******************************************************************************************%*/
    // CLASS CONSTANTS

    /**
     * Default hostname used for STS requests. The constructor copies it into $this->hostname.
     */
    const DEFAULT_URL = 'sts.amazonaws.com';

    /*%******************************************************************************************%*/
    // CONSTRUCTOR

    /**
     * Constructs a new AmazonSTS client.
     *
     * Pins the API version to 2011-06-15, points the client at DEFAULT_URL, checks that a key and a
     * secret key are available (as an argument or as a defined constant), and then delegates to the
     * parent constructor.
     *
     * Security note: both values are long-term account credentials. Keep them out of source control,
     * logs and error output; the exception messages below deliberately contain neither value.
     *
     * @param string $key (Optional) Your Amazon API Key. If blank, the AWS_KEY constant must be defined.
     * @param string $secret_key (Optional) Your Amazon API Secret Key. If blank, the AWS_SECRET_KEY constant must be defined.
     * @throws STS_Exception When the key (or the secret key) is neither passed in nor defined as a constant.
     * @return mixed Whatever the parent constructor returns; PHP discards this value when the object is created with `new`.
     */
    public function __construct($key = null, $secret_key = null)
    {
        $this->api_version = '2011-06-15';
        $this->hostname = self::DEFAULT_URL;

        // The access key is checked first, so it is the one reported when both credentials are missing.
        $has_key = ($key || defined('AWS_KEY'));
        if (!$has_key)
        {
            // @codeCoverageIgnoreStart
            throw new STS_Exception('No account key was passed into the constructor, nor was it set in the AWS_KEY constant.');
            // @codeCoverageIgnoreEnd
        }

        $has_secret = ($secret_key || defined('AWS_SECRET_KEY'));
        if (!$has_secret)
        {
            // @codeCoverageIgnoreStart
            throw new STS_Exception('No account secret was passed into the constructor, nor was it set in the AWS_SECRET_KEY constant.');
            // @codeCoverageIgnoreEnd
        }

        return parent::__construct($key, $secret_key);
    }

    /*%******************************************************************************************%*/
    // SERVICE METHODS

    /**
     * Issues a GetSessionToken request, which returns a set of temporary credentials for an AWS account
     * or IAM User. The credentials consist of an Access Key ID, a Secret Access Key, and a security
     * token, and are valid for the specified duration only. The session duration for IAM users can be
     * between one and 36 hours, with a default of 12 hours. The session duration for AWS account owners
     * is restricted to one hour.
     *
     * For more information about using GetSessionToken to create temporary credentials, go to Creating
     * Temporary Credentials to Enable Access for IAM Users in Using AWS Identity and Access Management.
     *
     * Security notes:
     * - The response carries a usable Secret Access Key and token. Treat the whole response as secret
     *   material: do not write it to logs, caches or error pages.
     * - Request the shortest DurationSeconds that the workload needs, so that a leaked set of
     *   credentials stays useful for as little time as possible.
     * - curlopts is documented as being handed directly to curl_setopt(). Never build it from untrusted
     *   input, and do not use it to switch off certificate checks (CURLOPT_SSL_VERIFYPEER,
     *   CURLOPT_SSL_VERIFYHOST). NOTE(review): how the parent class merges these options is not
     *   visible in this file; confirm there.
     *
     * @param array $opt (Optional) An associative array of parameters that can have the following keys:
     *  DurationSeconds - integer - Optional - The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 3600s (one hour) to 129600s (36 hours), with 43200s (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600s (one hour).
     *  curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
     *  returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.
     * @return CFResponse An object containing a parsed HTTP response.
     */
    public function get_session_token($opt = null)
    {
        // Any falsy value (null, empty array, ...) is normalised to an empty parameter list.
        $params = $opt ? $opt : array();

        return $this->authenticate('GetSessionToken', $params, $this->hostname);
    }

    /**
     * Issues a GetFederationToken request, which returns a set of temporary credentials for a federated
     * user with the user name and policy specified in the request. The credentials consist of an Access
     * Key ID, a Secret Access Key, and a security token, and are valid for the specified duration,
     * between one and 36 hours.
     *
     * The federated user who holds these credentials has any permissions allowed by the intersection of
     * the specified policy and any resource or user policies that apply to the caller of the
     * GetFederationToken API, and any resource policies that apply to the federated user's ARN. For more
     * information about how token permissions work, see Controlling Permissions in Temporary Credentials
     * in Using AWS Identity and Access Management. For information about using GetFederationToken to
     * create temporary credentials, see Creating Temporary Credentials to Enable Access for Federated
     * Users in Using AWS Identity and Access Management.
     *
     * Security notes:
     * - Pass the narrowest Policy the federated user needs. Per the description above, the effective
     *   permissions are bounded by the caller's own policies, so the credentials used to construct this
     *   client should themselves be least-privilege.
     * - $name is sent as the Name request parameter unchanged. When it comes from an external identity
     *   source, validate it against the IAM naming limits before calling this method.
     * - The response carries a usable Secret Access Key and token; keep it out of logs and caches, and
     *   prefer the shortest DurationSeconds that works.
     * - curlopts is documented as being handed directly to curl_setopt(). Never build it from untrusted
     *   input, and do not use it to switch off certificate checks (CURLOPT_SSL_VERIFYPEER,
     *   CURLOPT_SSL_VERIFYHOST).
     *
     * @param string $name (Required) The name of the federated user associated with the credentials. For information about limitations on user names, go to Limitations on IAM Entities in Using AWS Identity and Access Management.
     * @param array $opt (Optional) An associative array of parameters that can have the following keys:
     *  Policy - string - Optional - A policy specifying the permissions to associate with the credentials. The caller can delegate their own permissions by specifying a policy, and both policies will be checked when a service call is made. For more information about how permissions work in the context of temporary credentials, see Controlling Permissions in Temporary Credentials in Using AWS Identity and Access Management.
     *  DurationSeconds - integer - Optional - The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from 3600s (one hour) to 129600s (36 hours), with 43200s (12 hours) as the default.
     *  curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
     *  returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.
     * @return CFResponse An object containing a parsed HTTP response.
     */
    public function get_federation_token($name, $opt = null)
    {
        // Any falsy value (null, empty array, ...) is normalised to an empty parameter list.
        $params = $opt ? $opt : array();

        // The positional argument always wins over a 'Name' key supplied through $opt.
        $params['Name'] = $name;

        return $this->authenticate('GetFederationToken', $params, $this->hostname);
    }
}
/*%******************************************************************************************%*/
// EXCEPTIONS
/**
 * Exception type for the STS client. The AmazonSTS constructor throws it when no access key or
 * secret key is available. It adds nothing to the built-in Exception class.
 */
class STS_Exception extends Exception
{
}