Samples

Last Updated: Jul 03, 2017

  1. <?php
  2. /*
  3. * Before using STS SDK, read description on role management in the RAM Manual, and read the STS API Documentation
  4. *
  5. */
  6. include_once 'aliyun-php-sdk-core/Config.php';
  7. use Sts\Request\V20150401 as Sts;
  8. // Currently, STS can only issue a Token for resources required for your operations in the East China 1 (Hangzhou) region, but the Token issued can be used in all regions
  9. // Only sub-account can use the role
  10. $iClientProfile = DefaultProfile::getProfile("cn-hangzhou", "<acccess-key-id>", "<access-key-secret>");
  11. $client = new DefaultAcsClient($iClientProfile);
  12. // You can obtain the role resource descriptor from the resource details page on RAM console
  13. $roleArn = "<role-arn>";
  14. // When assuming a role (AssumeRole), you can assign an authorization policy to further limit the role permission.
  15. // For details, refer to the "RAM Use Guide"
  16. // The authorization policy indicates the read-only permission on all OSS resources
  17. $policy=<<<POLICY
  18. {
  19. "Statement": [
  20. {
  21. "Action": [
  22. "oss:Get*",
  23. "oss:List*"
  24. ],
  25. "Effect": "Allow",
  26. "Resource": "*"
  27. }
  28. ],
  29. "Version": "1"
  30. }
  31. POLICY;
  32. $request = new Sts\AssumeRoleRequest();
  33. // RoleSessionName indicates the session name of a temporary ID which is used to distinguish different temporary temporary IDs
  34. // You can use your customer's ID as the session name
  35. $request->setRoleSessionName("client_name");
  36. $request->setRoleArn($roleArn);
  37. $request->setPolicy($policy);
  38. $request->setDurationSeconds(3600);
  39. $response = $client->doAction($request);
  40. print_r("\r\n");
  41. print_r($response);
  42. ?>
Thank you! We've received your feedback.