Using the AWS Credentials File and Credential Profiles
The AWS CLI stores configuration and credential in plain text files.
The format of the AWS credentials file should look something like the following.
; ~/.aws/credentials
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[project1]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEYEach section represents a credential Profile which can be referenced in the Configuration
use AsyncAws\Core\AwsClientFactory;
$client = new AwsClientFactory([
'profile' => 'project1'
]);Note: When not defined, AsyncAws will use the profile named
default.
The profile can refer to a Role and specify the source of another profile that contains the IAM user credentials with permission to use the role.
; ~/.aws/config:
[profile user1]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[profile marketing]
role_arn = arn:aws:iam::123456789012:role/marketing
source_profile = user1AWS also store Credentials in the config file that should like.
; ~/.aws/config:
[profile default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region=eu-west-1
[profile project2]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region=us-west-2The path to the credentials and config file can be optionally configured either with Configuration or env variables.
export AWS_SHARED_CREDENTIALS_FILE=/path/to/shared_credentials_file
export AWS_CONFIG_FILE=/path/to/config_fileuse AsyncAws\Core\AwsClientFactory;
$client = new AwsClientFactory([
'sharedCredentialsFile' => '/path/to/shared_credentials_file',
'sharedConfigFile' => '/path/to/config_file',
]);