search

aws / aws-sdk-php-laravel

A Laravel 5+ (and 4) service provider for the AWS SDK for PHP
http://aws.amazon.com/sdkforphp/
Apache License 2.0
1.65k stars 245 forks source link

Facing error in Laravel Application while accessing sts getSessionToken in aws sdk #217

Closed poovarasudev closed 2 years ago

poovarasudev commented 2 years ago

Describe the bug

Facing error while using $stsClient->getSessionToken() in Laravel Application. It is showing the below mentioned error. Screenshot 2022-07-08 at 4 57 29 PM Screenshot 2022-07-08 at 4 57 49 PM

Previously this same logic was worked fine in "aws/aws-sdk-php": "3.80"

Now after updating this to "aws/aws-sdk-php": "3.194.4" => this logic is not working.

I searched in all places & checked the latest AWS SDK documentation, but no improvements

Expected Behavior

That same logic need to give a temporary AWS credentials as per the old logics.

Current Behavior

This is throwing error as mentioned in the bug description.

Reproduction Steps

  1. Install "aws/aws-sdk-php": "3.194.4" package in Laravel / PHP Application.
  2. Add the AWS Keys in ENV (AWS_ACCESS_KEY_ID & AWS_SECRET_ACCESS_KEY)
  3. Add the below mentioned logic & find the issue $sts = new \Aws\Sts\StsClient([ 'version' => 'latest', 'region' => configS3('region'), ]); $awsS3SessionToken = $sts->getSessionToken();

Possible Solution

No response

Additional Information/Context

No response

SDK version used

v3.194.4

Environment details (OS name and version, etc.)

PHP Version - v8.0

yenfryherrerafeliz commented 2 years ago

Hi @poovarasudev, thanks for reaching out. Basically, the issue here is that you are trying to get temporary credentials "a session token" when being authenticated with a set of temporary credentials, and this is not allowed by the STS service. Please refer to the documentation for more information here. The following paragraphs contains the information I just mentioned:

Permissions The temporary security credentials created by GetSessionToken can be used to make API calls to any AWS service with the following exceptions:

  • You cannot call any IAM API operations unless MFA authentication information is included in the request.
  • You cannot call any AWS STS API except AssumeRole or GetCallerIdentity.

Thanks!

github-actions[bot] commented 2 years ago

This issue has not recieved a response in 1 week. If you want to keep this issue open, please just leave a comment below and auto-close will be canceled.