Release: AWS SDK for PHP 1.4

This release adds support for the AWS Security Token Service, Temporary Security Credentials for a subset of AWS services (Amazon EC2, Amazon S3, Amazon SNS, Amazon SQS), and resolves issues reported via the documentation feedback form.

Details

Submitted By: RyanP
Release Date: August 4, 2011 12:10 AM GMT
Latest Version: 1.4.0
Created On: August 4, 2011 12:10 AM GMT
Last Updated: August 4, 2011 12:10 AM GMT

Download

Download the latest AWS SDK for PHP

New Features

Change Description

AWS Security Token Service

This release introduces support for temporary security credentials, a new capability introduced in IAM. You can use temporary security credentials to grant temporary access to non-AWS users (federated users), to IAM users who need temporary access to your AWS resources, and to your mobile and browser-based applications that need to access your AWS resources securely.

This example creates temporary security credentials that expire in 1 hour and prints them out, including the credentials expiration date.

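require_once 'sdk.class.php'; // adjust the path to where the SDK is installed

// Instantiate the class
$token = new AmazonSTS();

// Request credentials that expire in 1 hour (DurationSeconds is in seconds)
$response = $token->get_session_token(array(
    'DurationSeconds' => 3600
));

$credentials = $response->body->GetSessionTokenResult->Credentials->to_array()->getArrayCopy();
// => array('AccessKeyId' => '******',
//          'Expiration' => '******',
//          'SecretAccessKey' => '******',
//          'SessionToken' => '******' )

// Print the credentials, including the expiration date
print_r($credentials);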

This example uses IAM user keys to create temporary security credentials that expire in 24 hours.

// Instantiate the class
$token = new AmazonSTS();
$response = $token->get_session_token(array(
    'DurationSeconds' => 86400 // 24 hours, in seconds
));

$credentials = $response->body->GetSessionTokenResult->Credentials->to_array()->getArrayCopy();
// => array('AccessKeyId' => '******',
//          'Expiration' => '******',
//          'SecretAccessKey' => '******',
//          'SessionToken' => '******' )

This example creates federated security credentials that expire in 24 hours.

// Instantiate the class
$token = new AmazonSTS();

// Generate a new IAM policy (https://awspolicygen.s3.amazonaws.com/policygen.html)
$policy = new CFPolicy($token, array(
    'Statement' => array(
        array(
            'Sid' => 'random-statement-id-' . time(),
            'Action' => array('s3:GetObject', 's3:GetObjectVersion', 's3:ListBucket', 's3:ListBucketVersions'),
            'Effect' => 'Allow',
            // Object actions match the object ARN; the list actions match the bucket ARN
            'Resource' => array('arn:aws:s3:::my-bucket', 'arn:aws:s3:::my-bucket/*')
        )
    )
));

// Fetch the session credentials
$response = $token->get_federation_token('my-user', array(
    'Policy' => $policy->get_json(),
    'DurationSeconds' => 86400 // 24 hours, in seconds
));

// The result element is named after the GetFederationToken action
$credentials = $response->body->GetFederationTokenResult->Credentials->to_array()->getArrayCopy();
// => array('AccessKeyId' => '******',
//          'Expiration' => '******',
//          'SecretAccessKey' => '******',
//          'SessionToken' => '******' )

For more information, see Granting Temporary Access to Your AWS Resources in Using IAM.

Temporary Security Credentials

Select services — Amazon EC2, Amazon S3, Amazon SNS, Amazon SQS — now support temporary session credentials.

This sample demonstrates the use of Amazon EC2 with basic, long-lived credentials.

$ec2 = new AmazonEC2('long-term-key', 'long-term-secret');

This sample demonstrates the use of Amazon S3 with temporary session credentials.

// Instantiate the class
$token = new AmazonSTS();
$response = $token->get_session_token();
$credentials = $response->body->GetSessionTokenResult->Credentials;

$s3 = new AmazonS3((string) $credentials->AccessKeyId,
                   (string) $credentials->SecretAccessKey,
                   (string) $credentials->SessionToken);
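
Because temporary credentials expire, a long-running process has to read the Expiration value and request a new set before the old one lapses. The following is an added example, not part of the SDK or the original release notes: the helper names and the 300-second safety margin are assumptions, and a constructed stand-in replaces the get_session_token() call so that it runs without network access.

```php
<?php
// Added example; helper names and the 300-second margin are assumptions.

// Seconds until the credentials expire (negative once they have expired).
function seconds_until_expiry(array $credentials, $now = null)
{
    $expires = strtotime($credentials['Expiration']);
    if ($expires === false) {
        throw new InvalidArgumentException('Unparseable Expiration value');
    }
    return $expires - ($now === null ? time() : $now);
}

// Reuse cached credentials until they are within $margin seconds of
// expiring, then call $fetch for a new set and validate it before use.
function current_credentials(&$cache, $fetch, $margin = 300, $now = null)
{
    if ($cache !== null && seconds_until_expiry($cache, $now) > $margin) {
        return $cache;
    }
    $fresh = call_user_func($fetch);
    foreach (array('AccessKeyId', 'SecretAccessKey', 'SessionToken', 'Expiration') as $key) {
        if (empty($fresh[$key])) {
            throw new UnexpectedValueException("STS response is missing $key");
        }
    }
    $cache = $fresh;
    return $cache;
}

// Constructed stand-in for the STS call; the values are not real credentials.
$calls = 0;
$fetch = function () use (&$calls) {
    $calls++;
    return array(
        'AccessKeyId'     => 'EXAMPLE-KEY-' . $calls,
        'SecretAccessKey' => 'example-secret',
        'SessionToken'    => 'example-token',
        'Expiration'      => gmdate('Y-m-d\TH:i:s\Z', time() + 3600),
    );
};

$cache = null;
current_credentials($cache, $fetch);                      // nothing cached: fetches
current_credentials($cache, $fetch);                      // still valid: reuses the cache
current_credentials($cache, $fetch, 300, time() + 3400);  // inside the margin: fetches again
echo "STS calls made: $calls\n";
```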

SDK Compatibility Test

Support for verifying the installed SSL certificate, the status of open_basedir and safe_mode, and the status of the PHP 5.3 garbage collector has been added to the compatibility test.

The compatibility test now recommends optimal values for the AWS_CERTIFICATE_AUTHORITY and AWS_DEFAULT_CACHE_CONFIG configuration options based on the system's configuration.

Resolved Issues

Change Description

Documentation Errors

A number of minor typographical errors have been resolved.

Known Issues

Issue Description

2GB limit for 32-bit stacks

Because PHP's integer type is signed and many platforms use 32-bit integers, the AWS SDK for PHP does not correctly handle files larger than 2GB on a 32-bit stack (whereby "stack" includes CPU, OS, web server, and PHP binary). This is a well-known PHP issue.

The recommended solution is to use a 64-bit stack, such as the 64-bit Amazon Linux AMI with the latest version of PHP installed.

For more information, please see: PHP filesize: Return values. A workaround is suggested in AmazonS3::create_mpu_object() with files bigger than 2GB.

S3 Buckets containing periods

Amazon S3's SSL certificate covers domains that match *.s3.amazonaws.com. When buckets (e.g., my-bucket) are accessed using DNS-style addressing (e.g., my-bucket.s3.amazonaws.com), those SSL/HTTPS connections are covered by the certificate.

However, when a bucket name contains one or more periods (e.g., s3.my-domain.com) and is accessed using DNS-style addressing (e.g., s3.my-domain.com.s3.amazonaws.com), that SSL/HTTPS connection will fail because the certificate doesn't match.

The most secure workaround is to change the bucket name to one that does not contain periods. Less secure workarounds are to use disable_ssl() or disable_ssl_verification(). Because of the security implications, calling either of these methods will throw a warning. You can avoid the warning by adjusting your error_reporting() settings.
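
The hostname mismatch described above can be detected before any request is sent. The following is an added example, not part of the SDK or the original release notes: the function names are hypothetical, and it assumes the usual TLS rule that a leading wildcard in a certificate name stands for exactly one DNS label.

```php
<?php
// Added example; the function names are hypothetical, not SDK APIs.

// Return true if $host is covered by the certificate name $pattern.
// A leading "*." stands for exactly one DNS label, so it never spans a period.
function cert_name_matches($pattern, $host)
{
    $pattern = strtolower(rtrim($pattern, '.'));
    $host    = strtolower(rtrim($host, '.'));

    if (strncmp($pattern, '*.', 2) !== 0) {
        return $pattern === $host;            // no wildcard: exact match only
    }

    $suffix = substr($pattern, 1);            // e.g. ".s3.amazonaws.com"
    $cut    = strlen($host) - strlen($suffix);
    if ($cut <= 0 || substr($host, $cut) !== $suffix) {
        return false;                         // different parent domain
    }

    // Whatever the wildcard has to absorb must be a single label.
    return strpos(substr($host, 0, $cut), '.') === false;
}

// Return true if DNS-style addressing of $bucket passes hostname
// verification against the S3 wildcard certificate.
function bucket_is_tls_safe($bucket, $cert_name = '*.s3.amazonaws.com')
{
    return cert_name_matches($cert_name, $bucket . '.s3.amazonaws.com');
}

// The two bucket names used as examples in the text above.
foreach (array('my-bucket', 's3.my-domain.com') as $bucket) {
    printf("%-18s %s\n", $bucket,
        bucket_is_tls_safe($bucket)
            ? 'covered by *.s3.amazonaws.com'
            : 'certificate mismatch: rename the bucket');
}
```

Running the check when a bucket is created or configured surfaces the problem early, so there is no need to fall back to disable_ssl() or disable_ssl_verification().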

Expiring request signatures

When leveraging AmazonS3::create_mpu_object(), it's possible that later parts of the multipart upload will fail if the upload takes more than 15 minutes.

Too many open file connections

When leveraging AmazonS3::create_mpu_object(), it's possible that the SDK will attempt to open too many file resources at once. Because the file connection limit is not available to the PHP environment, the SDK is unable to automatically adjust the number of connections it attempts to open.

A workaround is to increase the part size so that fewer file connections are opened.

Exceptionally large batch requests

When leveraging the batch request feature to execute multiple requests in parallel, it's possible that the SDK will throw a fatal exception if a particular batch pool is exceptionally large and a service gets overloaded with requests.

This seems to be most common when attempting to send a large number of emails with the SES service.

Supported API Versions

The AWS SDK for PHP supports the following services and API versions:

Service API Version
Amazon CloudFront 2010-11-01
Amazon CloudWatch 2010-08-01
Amazon Elastic Compute Cloud (Amazon EC2) with Amazon Virtual Private Cloud (Amazon VPC) 2011-05-15
Amazon Elastic MapReduce (Amazon EMR) 2009-03-31
Amazon Relational Database Service (Amazon RDS) 2011-04-01
Amazon Simple Storage Service (Amazon S3) 2006-03-01
Amazon SimpleDB 2009-04-15
Amazon Simple Email Service (Amazon SES) 2010-12-01
Amazon Simple Notification Service (Amazon SNS) 2010-03-31
Amazon Simple Queue Service (Amazon SQS) 2009-02-01
Auto Scaling 2010-08-01
AWS CloudFormation 2010-05-15
AWS Elastic Beanstalk 2010-12-01
AWS Identity and Access Management 2010-05-08
AWS Import/Export 2010-06-01
AWS Security Token Service 2011-06-15
Elastic Load Balancing (ELB) 2011-04-05