home

Amazon Web Services S3 PHP example ("Hello World")

These steps lead to PHP code that writes files to S3.

Create an S3 bucket

  1. From your AWS Management Console or "Services" dropdown, pick "S3."
  2. Click "Create Bucket," enter a "Bucket Name," leave region as US Standard, click "Create."
  3. You should see your new bucket under "All Buckets." (I called mine "KwynnWebExample")

Security Credentials / Access Keys / User permissions

Rather than using all-access keys, I created very specific permission for this example. Specifically, I created an AWS IAM (identity and access management) user, generated access keys specific to the user, and gave the user permission to do only what I needed.

For our experiments' credentials:

  1. From your AWS account, go to your name / AWS user ID in the top right, drop down the box, and pick "Security Credentials."
  2. Unless you've previously cleared the prompt, you'll get one encouraging you to "Get Started with IAM Users." Click that. (Otherwise, click "Users" on the left)
  3. Click "Create New Users."
  4. Enter a user name; leave "Generate an access key..." checked. Click "create."
  5. As indicated, this will be your only chance to download the Access Key ID and Secret Access Key. Either copy, paste, and save the ID and Key, or download them. If you download, you'll get a CSV file "credentials.csv". Once you've saved the creds, close that page.
  6. You'll be at the list of users now. Click the user you just created.
  7. Click "Attach User Policy." (The word "attach" may be misleading; this doesn't mean upload.)
  8. Click the "Policy Generator," the second option. Then click "Select."
  9. Set the "Edit Permissions" screen like this: Effect: Allow (leave as is), AWS Service: Amazon S3, Actions: "PutObject" (check it)
  10. My Amazon Resource Name (ARN) would be: arn:aws:s3:::KwynnWebExample/*
    Substitute your bucket name accordingly.
  11. Click "Add Statement" then "Next Step" then "Apply Policy"

For the record, my "policy document" / "Show Policy Result" was:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1409831404000",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::KwynnWebExample/*"
      ]
    }
  ]
}

Install cURL for PHP

Besides the AWS PHP library (detailed below), I needed cURL for PHP. I'm running Ubuntu 2014.04 (Trusty Tahr); the install command was: sudo apt-get install php5-curl

Download AWS PHP Library

  1. (Optionally) Go to the AWS PHP SDK page.
  2. On the right, under "Downloads," click AWS SDK for PHP
  3. Download the "aws.phar" file (7.64 MB for v2.6.15)

The Code

I put the aws.phar file in the folder where I put the code.

For the code below, substitute your key, secret, and bucket name.


<?php
	require('aws.phar');

	use Aws\S3\S3Client;

	$config = array(
	    'key'    => 'AKIA',    // real key is 20 characters
	    'secret' => 'XCInn26', // real secret is 40 chars
	);

	$s3v2 = S3Client::factory($config);

	$result = $s3v2->putObject(array(
	    'Bucket' => 'KwynnWebExample',
	    'Key'    => 'data8.txt',       // in this case, Key is filename
	    'Body'   => 'Hello!'
	));

	echo $result['ObjectURL'] . "\n";
?>

Note that each successful execution will cost you $0.01 (one cent), even if you delete it immediately. (S3 price chart)

That's it! Run it. If it works, you'll get an immediately-useless URL. I say immediately-useless because permission darned well better be denied if you simply click it. If it doesn't work, you'll know it, and you won't see a URL. If it works, you can of course see your new file under your S3 bucket in the AWS console.

It appears that multiple "puts" of the same filename will result in an overwrite. (There is likely another option. I'm sure that's discussed in great detail elsewhere.)

A possible error message

PHP Fatal error:  Uncaught Aws\S3\Exception\SignatureDoesNotMatchException: AWS Error Code: SignatureDoesNotMatch, Status Code: 403, AWS Request ID: AC629447E4FB5F27, AWS Error Type: client, AWS Error Message: The request signature we calculated does not match the signature you provided. Check your key and signing method., User-Agent: aws-sdk-php2/2.6.15 Guzzle/3.9.2 curl/7.35.0 PHP/5.5.9-1ubuntu4.3
  thrown in phar:///home/k/tech/AWS/S3test/aws.phar/Aws/Common/Exception/NamespaceExceptionFactory.php on line 91

In my experience, this means that your key (key ID) or secret (key) is wrong. I got this because I blatantly pasted this info incorrectly.

Links

This example page is actually a bad example in part because it assumes you're transitioning from API v1 to 2. I list it though, because that's where I got my info, although I had to work for it from that page. I would guess there are better examples out there.

For the record, the putObject doc.

Global / All-Access Access Keys and X.509 Certs

This is not precisely on topic, but you might find you had the same potential problem. The AWS security prompts led me to realize that I still had active whole-account-access keys and X.509 certs lying around from my previous tinkering. You might want to check this: From the first AWS screen, click under your name / AWS ID and then "Security Credentials." Check all the categories, but, again, for me, it was access keys and X.509 certs I had lying around. I deactivated them, and I will likely delete them soon.

Access keys and X.509s on that screen are different than the key that gets you into your EC2. Deactivate the above rather than delete, though, log into your EC2 with your key to make 100% sure I'm right, and then you should feel ok deleting old, no-longer-used stuff.

Please Republish

Feel free to republish. I'd like credit, a link back to this page (if feasible and the page is still alive), and please specify if you modify and how much (minor edits, rewrite, etc).

History

realized problems with php tag and fixed soon after at 7:59am then minior edit at 8:00am

Page created 2014/09/05 7:29am EDT

Valid XHTML 1.0 Strict