Class Aws\Credentials\CredentialProvider

Credential providers are functions that accept no arguments and return a promise that is fulfilled with an {@see \Aws\Credentials\CredentialsInterface} or rejected with an {@see \Aws\Exception\CredentialsException}.


use Aws\Credentials\CredentialProvider;
$provider = CredentialProvider::defaultProvider();
// Returns a CredentialsInterface or throws.
$creds = $provider()->wait();

Credential providers can be composed to create credentials using conditional logic that can create different credentials in different environments. You can compose multiple providers into a single provider using {@see Aws\Credentials\CredentialProvider::chain}. This function accepts providers as variadic arguments and returns a new function that will invoke each provider until a successful set of credentials is returned.


// First try an INI file at this location.
$a = CredentialProvider::ini(null, '/path/to/file.ini');
// Then try an INI file at this location.
$b = CredentialProvider::ini(null, '/path/to/other-file.ini');
// Then try loading from environment variables.
$c = CredentialProvider::env();
// Combine the three providers together.
$composed = CredentialProvider::chain($a, $b, $c);
// Returns a promise that is fulfilled with credentials or throws.
$promise = $composed();
// Wait on the credentials to resolve.
$creds = $promise->wait();

Methods


					
	public
					static

defaultProvider(array $config = []): callable

Create a default credential provider that first checks for environment variables, then checks for assumed role via web…

Create a default credential provider that first checks for environment variables, then checks for assumed role via web identity, then checks for cached SSO credentials from the CLI, then check for credential_process in the "default" profile in ~/.aws/credentials, then checks for the "default" profile in ~/.aws/credentials, then for credential_process in the "default profile" profile in ~/.aws/config, then checks for "profile default" profile in ~/.aws/config (which is the default profile of AWS CLI), then tries to make a GET Request to fetch credentials if ECS environment variable is presented, finally checks for EC2 instance profile credentials.

This provider is automatically wrapped in a memoize function that caches previously provided credentials.

Parameters

$config

Optional array of ecs/instance profile credentials provider options.


					
	public
					static

fromCredentials(CredentialsInterface $creds): callable

Create a credential provider function from a set of static credentials.


					
	public
					static

chain(): callable

Creates an aggregate credentials provider that invokes the provided variadic providers one after the other until a…

Creates an aggregate credentials provider that invokes the provided variadic providers one after the other until a provider returns credentials.


					
	public
					static

memoize(callable $provider): callable

Wraps a credential provider and caches previously provided credentials.

Ensures that cached credentials are refreshed when they expire.

Parameters

$provider

Credentials provider function to wrap.


					
	public
					static

cache(callable $provider, CacheInterface $cache, string|null $cacheKey = null): callable

Wraps a credential provider and saves provided credentials in an instance of Aws\CacheInterface. Forwards calls when no…

Wraps a credential provider and saves provided credentials in an instance of Aws\CacheInterface. Forwards calls when no credentials found in cache and updates cache with the results.

Parameters

`$provider`	Credentials provider function to wrap
`$cache`	Cache to store credentials
`$cacheKey`	(optional) Cache key to use


					
	public
					static

env(): callable

Provider that creates credentials from environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION…

Provider that creates credentials from environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN.


					
	public
					static

instanceProfile(array $config = []): InstanceProfileProvider

Credential provider that creates credentials using instance profile credentials.

Parameters

$config

Array of configuration data.


					
	public
					static

sso($ssoProfileName = 'default', $filename = null, $config = []): callable

Credential provider that retrieves cached SSO credentials from the CLI


					
	public
					static

ecsCredentials(array $config = []): EcsCredentialProvider

Credential provider that creates credentials using ecs credentials by a GET request, whose uri is specified by…

Credential provider that creates credentials using ecs credentials by a GET request, whose uri is specified by environment variable

Parameters

$config

Array of configuration data.


					
	public
					static

assumeRole(array $config = []): callable

Credential provider that creates credentials using assume role

Parameters

$config

Array of configuration data


					
	public
					static

assumeRoleWithWebIdentityCredentialProvider(array $config = []): callable

Credential provider that creates credentials by assuming role from a Web Identity Token

Parameters

$config

Array of configuration data


					
	public
					static

ini(string|null $profile = null, string|null $filename = null, array|null $config = []): callable

Credentials provider that creates credentials using an ini file stored in the current user's home directory. A source…

Credentials provider that creates credentials using an ini file stored in the current user's home directory. A source can be provided in this file for assuming a role using the credential_source config option.

Parameters

`$profile`	Profile to use. If not specified will use the "default" profile in "~/.aws/credentials".
`$filename`	If provided, uses a custom filename rather than looking in the home directory.
`$config`	If provided, may contain the following: preferStaticCredentials: If true, prefer static credentials to role_arn if both are present disableAssumeRole: If true, disable support for roles that assume an IAM role. If true and role profile is selected, an error is raised. stsClient: StsClient used to assume role specified in profile


					
	public
					static

process(string|null $profile = null, string|null $filename = null): callable

Credentials provider that creates credentials using a process configured in ini file stored in the current user's home…

Credentials provider that creates credentials using a process configured in ini file stored in the current user's home directory.

Parameters

`$profile`	Profile to use. If not specified will use the "default" profile in "~/.aws/credentials".
`$filename`	If provided, uses a custom filename rather than looking in the home directory.


					
	public
					static

getCredentialsFromSource($profileName = '', $filename = '', $config = [])


					
	public
					static

shouldUseEcs(): boolean

Constants
`public`	`ENV_ARN = 'AWS_ROLE_ARN'`	#
`public`	`ENV_KEY = 'AWS_ACCESS_KEY_ID'`	#
`public`	`ENV_PROFILE = 'AWS_PROFILE'`	#
`public`	`ENV_ROLE_SESSION_NAME = 'AWS_ROLE_SESSION_NAME'`	#
`public`	`ENV_SECRET = 'AWS_SECRET_ACCESS_KEY'`	#
`public`	`ENV_ACCOUNT_ID = 'AWS_ACCOUNT_ID'`	#
`public`	`ENV_SESSION = 'AWS_SESSION_TOKEN'`	#
`public`	`ENV_TOKEN_FILE = 'AWS_WEB_IDENTITY_TOKEN_FILE'`	#
`public`	`ENV_SHARED_CREDENTIALS_FILE = 'AWS_SHARED_CREDENTIALS_FILE'`	#

Namespaces

Classes

Interfaces

Class Aws\Credentials\CredentialProvider

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters

Parameters