如何为 PHP 设置 AWS S3 凭证 [英] How to set up AWS S3 credentials for PHP

问题描述

我是 S3 的新手，很难通过文件设置我的凭据.这是我目前使用硬编码凭据的有效解决方案(IAM_KEY 和 IAM_SECRET 是用于存储我的密钥的变量):

I'm new to S3 and am having a hard time setting up my credentials via a file. This is a working solution that I currently have using hard-coded credentials (IAM_KEY and IAM_SECRET are variables used to store my key):

// Using hard-coded credentials
    $s3 = new S3Client([
        'version'     => 'latest',
        'region'      => 'us-east-1',
        'credentials' => [
            'key'    => $IAM_KEY,
            'secret' => $IAM_SECRET ,
        ],
    ]);

但是，我想将密钥和秘密存储在一个文件中，这样当我将文件推送到 GitHub 时它是不可见的.这是我的尝试不起作用:

However, I want to store the key and secret in a file so that it is not visible when I push my files onto GitHub. Here is my attempt that doesn't work:

// using credential file - not working :(
$s3 = S3Client::factory(
     array(
        'profile' => 'my_profile',
        'version' => 'latest',
        'region'  => 'us-east-1'
    ));

我的凭据文件如下:

[my_profile]
aws_access_key_id = someKey
aws_secret_access_key = someKey

我已阅读 AWS 上的文档(https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html)但我仍然卡住了.它提到我必须将我的凭证文件存储在 ~/.aws/credentials 中，但是，我找不到那个目录(我需要先安装 AWS 的命令行工具吗?).另外，凭证文件的扩展名是什么?

I've read the docs on AWS (https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html) but am still stuck. It mentions that I have to store my credentials file in ~/.aws/credentials, however, I cannot find that directory (do I need to first install the command line tool for AWS?). Also, what is the extension of the credentials file?

我已经坚持了几个小时，所以任何帮助将不胜感激.

I've been stuck on this for hours so any help will be appreciated.

推荐答案

您可以将您的 AWS 凭证存储在一个文件中，该文件被 .gitignore 文件忽略.

You can store your AWS credentials in a file which is ignored by way of a .gitignore file.

例如:

aws-credentials.php

<?php

    $IAM_KEY = 'key';
    $IAM_SECRET = 'secret';

?>

index.php

<?php                                                                           

require_once('aws-credentials.php');                                            

echo $IAM_KEY . "\n\n";                                                         
echo $IAM_SECRET . "\n\n";                                                      

?> 

.gitignore

aws-credentials.php

由于 .gitignore 文件中引用了文件aws-credentials.php"，因此当您将更改提交到 git 时不会包含该文件.

Since the file "aws-credentials.php" is referenced in the .gitignore file, it won't be included when you commit your changes to git.

自从我在生产环境中使用 PHP 已经有一段时间了，但是将 aws-credentials.php 文件存储在您的 Web 根目录之外也是一种很好的做法，只是为了排除文件内容的远程可能性如果 Web 服务器未配置为正确执行 PHP 文件，则会暴露.

It's been a while since I've used PHP in a production environment but it would also be good practice to store the aws-credentials.php file outside of your web root, just to exclude the remote possibility of the file's contents being exposed in the event the web server is not configured to execute PHP files correctly.

如果您在 Amazon EC2 上托管应用程序，最好不要使用 IAM 凭证，而是使用 IAM 角色.

If you're hosting the application on Amazon EC2, it is also good practice to not use IAM credentials at all, but instead use IAM roles.

这篇关于如何为 PHP 设置 AWS S3 凭证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！