AWS SDK for PHP
The AWS SDK for PHP
Getting started
-
Assign to the service account the roles required for your project, e.g., storage.editor for a bucket (to work with a particular bucket) or a folder (to work with all buckets in this folder). For more information about roles, see Access management with Yandex Identity and Access Management.
To work with objects in an encrypted bucket, a user or service account must have the following roles for the encryption key in addition to the
storage.configurer
role:kms.keys.encrypter
: To read the key, encrypt and upload objects.kms.keys.decrypter
: To read the key, decrypt and download objects.kms.keys.encrypterDecrypter
: This role includes thekms.keys.encrypter
andkms.keys.decrypter
permissions.
For more information, see Key Management Service service roles.
-
As a result, you will get the static access key data. To authenticate in Object Storage, you will need the following:
key_id
: Static access key IDsecret
: Secret key
Save
key_id
andsecret
: you will not be able to get the key value again.
Note
A service account is only allowed to view a list of buckets in the folder it was created in.
A service account can perform actions with objects in buckets that are created in folders different from the service account folder. To enable this, assign the service account roles for the appropriate folder or its bucket.
Installation
To install the AWS SDK for PHP, follow the guide
Configuration
-
In your home folder, create a file named
.aws/credentials
with this static key:[default] aws_access_key_id = <key_ID> aws_secret_access_key = <secret_key>
-
If using a LAMP image from Cloud Marketplace, add the
HOME
environment variable referring to your home folder to the Apachehttpd.conf
configuration file (apache2.conf
for Debian and Ubuntu):SetEnv HOME <home_folder>
For more information about the location and name of the Apache configuration file for different operating systems, see the Apache HTTP Server Wiki
.
You can use the AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
environment variables instead of the .aws/credentials
file.
Use the storage.yandexcloud.net
address to access Object Storage.
Code examples
Make sure to include your project path in the autoload.php
file's connection string:
<?php
// We assume that the AWS SDK is installed via Composer
require "<project_path>/vendor/autoload.php";
use Aws\S3\S3Client;
$s3 = new S3Client([
"version" => "latest",
"endpoint" => "https://storage.yandexcloud.net",
"region" => "ru-central1",
]);
$buckets = $s3->listBuckets();
$bucket_count = 1;
echo "<b>Well, here are your buckets:</b></br></br>";
foreach ($buckets["Buckets"] as $bucket) {
echo $bucket_count . ". " . $bucket["Name"] . "</br>";
$bucket_count++;
}
?>
See also the code examples