cache_instance_profile_credentials ( $cache, $options )

Fetches and caches EC2 instance profile credentials. This is meant to be used by the constructor, and is not to be manually invoked.

Access

public

Parameters

Parameter

Type

Required

Description

$cache

CacheCore

Required

A reference to the cache object that is being used to handle the caching.

$options

array

Required

The options that were passed into the constructor.

Returns

Type

Description

mixed

The data to be cached, or NULL.

Source

Method defined in sdk.class.php | Toggle source view (57 lines) | View on GitHub

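/**
 * Fetches EC2 instance profile credentials from the EC2 Instance Metadata Service and sets the
 * cache lifetime for them. This is meant to be used by the constructor as a cache callback, and
 * is not to be manually invoked.
 *
 * Security notes for maintainers:
 * - The returned array contains live secrets (access key, secret key, session token). Whatever
 *   backend <code>$cache</code> writes to should be readable only by the process that owns it.
 * - Both requests are plain, token-less GETs over HTTP to the link-local metadata address
 *   (IMDSv1 style). On instances configured to require IMDSv2 session tokens these requests are
 *   rejected and this method ends in the exception below; supporting that hardening would need
 *   a token-fetch step that this method does not have.
 * - Only the connect timeout is bounded here; no overall transfer timeout is set.
 *
 * @param CacheCore $cache (Required) A reference to the cache object that is being used to handle the caching.
 * @param array $options (Required) The options that were passed into the constructor. Only
 *   <code>instance_profile_timeout</code> (connect timeout in seconds, default 2) is read here.
 * @return array The data to be cached, with the keys <code>key</code>, <code>secret</code>,
 *   <code>token</code> and <code>expires</code>.
 * @throws CFCredentials_Exception When no usable credentials could be retrieved.
 */
public function cache_instance_profile_credentials($cache, $options)
{
    $instance_profile_url = 'http://169.254.169.254/latest/meta-data/iam/security-credentials/';
    $connect_timeout = isset($options['instance_profile_timeout']) ? $options['instance_profile_timeout'] : 2;

    try
    {
        // Make a call to the EC2 Metadata Service to find the available instance profile
        $request = new RequestCore($instance_profile_url);
        $request->set_curlopts(array(CURLOPT_CONNECTTIMEOUT => $connect_timeout));
        $response = $request->send_request(true);

        if ($response->isOK())
        {
            // Get the instance profile name. The listing is newline-separated, so keep only the
            // first entry and drop surrounding whitespace before it becomes part of a URL.
            $listing = preg_split('/[\r\n]+/', trim((string) $response->body));
            $profile = trim((string) $listing[0]);

            if ($profile !== '')
            {
                // Make a call to the EC2 Metadata Service to get the instance profile credentials
                $request = new RequestCore($instance_profile_url . $profile);
                $request->set_curlopts(array(CURLOPT_CONNECTTIMEOUT => $connect_timeout));
                $response = $request->send_request(true);

                if ($response->isOK())
                {
                    // Get the credentials. json_decode() yields NULL on malformed input, so the
                    // shape is checked before any key is read.
                    $credentials = json_decode((string) $response->body, true);

                    $is_complete = is_array($credentials) && isset(
                        $credentials['Code'],
                        $credentials['AccessKeyId'],
                        $credentials['SecretAccessKey'],
                        $credentials['Token'],
                        $credentials['Expiration']
                    );

                    if ($is_complete && $credentials['Code'] === 'Success')
                    {
                        // Determine the expiration time. An unparseable timestamp makes strtotime()
                        // return FALSE, which would otherwise produce a nonsensical cache lifetime;
                        // treat that as a failed retrieval instead.
                        $expiration_time = strtotime((string) $credentials['Expiration']);

                        if ($expiration_time !== false)
                        {
                            // Cache for 85% of the remaining lifetime so a refresh happens before expiry.
                            $expiration_duration = round(($expiration_time - time()) * 0.85);
                            $cache->expire_in($expiration_duration);

                            // Return the credential information
                            return array(
                                'key'     => $credentials['AccessKeyId'],
                                'secret'  => $credentials['SecretAccessKey'],
                                'token'   => $credentials['Token'],
                                'expires' => $credentials['Expiration'],
                            );
                        }
                    }
                }
            }
        }
    }
    catch (cURL_Exception $e)
    {
        // The EC2 Metadata Service does not exist or had timed out.
        // An exception will be thrown on the next line.
    }

    // Every failure path (transport error, non-OK response, malformed or incomplete document)
    // ends here, so callers never receive a partial credential set.
    // @codeCoverageIgnoreStart
    throw new CFCredentials_Exception('No credentials were provided. The SDK attempted to retrieve Instance '
        . 'Profile credentials from the EC2 Instance Metadata Service, but failed to do so. Instance profile '
        . 'credentials are only accessible on EC2 instances configured with a specific IAM role.');
    // @codeCoverageIgnoreEnd
}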

Copyright © 2010–2013 Amazon Web Services, LLC

