get_session_token ( $opt )

The GetSessionToken action returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an Access Key ID, a Secret Access Key, and a security token. These credentials are valid for the specified duration only. The session duration for IAM users can be between 15 minutes and 36 hours, with a default of 12 hours. The session duration for AWS account owners is restricted to a maximum of one hour. Providing the AWS Multi-Factor Authentication (MFA) device serial number and the token code is optional.

For more information about using GetSessionToken to create temporary credentials, go to Creating Temporary Credentials to Enable Access for IAM Users in Using IAM.

Access

public

Parameters

Parameter

Type

Required

Description

$opt

array

Optional

An associative array of parameters that can have the following keys:

  • DurationSeconds - integer - Optional - The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900s (15 minutes) to 129600s (36 hours), with 43200s (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600s (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.
  • SerialNumber - string - Optional - The identification number of the MFA device for the user. If the IAM user has a policy requiring MFA authentication (or is in a group requiring MFA authentication) to access resources, provide the device value here. The value is in the Security Credentials tab of the user’s details pane in the IAM console. If the IAM user has an active MFA device, the details pane displays a Multi-Factor Authentication Device value. The value is either for a virtual device, such as arn:aws:iam::123456789012:mfa/user, or it is the device serial number for a hardware device (usually the number from the back of the device), such as GAHT12345678. For more information, see Using Multi-Factor Authentication (MFA) Devices with AWS in Using IAM. [Constraints: The value must be between 9 and 256 characters, and must match the following regular expression pattern: [\w+=/:,.@-]*]
  • TokenCode - string - Optional - The value provided by the MFA device. If the user has an access policy requiring an MFA code (or is in a group requiring an MFA code), provide the value here to get permission to resources as specified in the access policy. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an “access denied” response when requesting resources that require MFA authentication. For more information, see Using Multi-Factor Authentication (MFA) Devices with AWS in Using IAM. [Constraints: The value must be between 6 and 6 characters, and must match the following regular expression pattern: [\d]*]
  • curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  • returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.

Returns

Type

Description

CFResponse

A CFResponse object containing a parsed HTTP response.

Examples

Fetch an ad-hoc set of session credentials.

// Instantiate the class
$token = new AmazonSTS();

$response = $token->get_session_token();

// Success?
var_dump($response->isOK());
Result:
bool(true)

Fetch an ad-hoc set of session credentials, set to expire after 3600 seconds (1 hour).

// Instantiate the class
$token = new AmazonSTS();

$response = $token->get_session_token(array(
	'DurationSeconds' => 3600
));

// Success?
var_dump($response->isOK());
Result:
bool(true)

Source

Method defined in services/sts.class.php | Toggle source view (6 lines) | View on GitHub

public function get_session_token($opt = null)
{
    if (!$opt) $opt = array();
            
    return $this->authenticate('GetSessionToken', $opt);
}

Copyright © 2010–2013 Amazon Web Services, LLC


Feedback