Authentication

To make requests to AWS, credentials are required. There are multiple ways to authenticate and the method you prefer probably depends on where and how you run the code.

How authentication works

Each API client needs an Authentication provider. The provider will use some logic to return a Credentials object. It is a value object to store username and password (in simple terms).

By default AsyncAws uses a ChainProvider that iterates over all providers and uses the first provider in the chain that returns credentials without an error.

The providers are currently chained in the following order:

  1. Hard-Coded Configuration
  2. Environment Variables
  3. WebIdentity
  4. Credential and Configuration Files
  5. ECS Container Credentials
  6. EC2 Instance Metadata

Testing with authentication providers

The default provider chain could be too slow or too complex for testing. It is recommended to use the NullProvider in tests where you don't provide valid configuration values.

Caching credential

Fetching credential from AWS metadata endpoint (EC2 Instance, ECS Container, WebIdentity...) for each request can introduce latency. AsyncAws provides a PsrCacheProvider and a SymfonyCacheProvider decorator to persist and reuse credentials between each request.

use AsyncAws\Core\Credentials\CacheProvider; use AsyncAws\Core\Credentials\ChainProvider; use AsyncAws\Core\Credentials\SymfonyCacheProvider; use Symfony\Component\Cache\Adapter\FilesystemAdapter; $provider = ChainProvider::createDefaultChain(); $provider = new SymfonyCacheProvider($provider, new FilesystemAdapter('test')); // optional, decorate the provider with the in-memory Cache provider $provider = new CacheProvider($provider); $s3 = new S3Client([], $provider);