These steps lead to PHP code that writes files to S3.
Rather than using all-access keys, I created very specific permission for this example. Specifically, I created an AWS IAM (identity and access management) user, generated access keys specific to the user, and gave the user permission to do only what I needed.
For our experiments' credentials:
For the record, my "policy document" / "Show Policy Result" was:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1409831404000", "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::KwynnWebExample/*" ] } ] }
Besides the AWS PHP library (detailed below), I needed cURL for PHP. I'm running Ubuntu 2014.04 (Trusty Tahr); the install command was: sudo apt-get install php5-curl
I put the aws.phar file in the folder where I put the code.
For the code below, substitute your key, secret, and bucket name.
<?php require('aws.phar'); use Aws\S3\S3Client; $config = array( 'key' => 'AKIA', // real key is 20 characters 'secret' => 'XCInn26', // real secret is 40 chars ); $s3v2 = S3Client::factory($config); $result = $s3v2->putObject(array( 'Bucket' => 'KwynnWebExample', 'Key' => 'data8.txt', // in this case, Key is filename 'Body' => 'Hello!' )); echo $result['ObjectURL'] . "\n"; ?>
Note that each successful execution will cost you $0.01 (one cent), even if you delete it immediately. (S3 price chart)
That's it! Run it. If it works, you'll get an immediately-useless URL. I say immediately-useless because permission darned well better be denied if you simply click it. If it doesn't work, you'll know it, and you won't see a URL. If it works, you can of course see your new file under your S3 bucket in the AWS console.
It appears that multiple "puts" of the same filename will result in an overwrite. (There is likely another option. I'm sure that's discussed in great detail elsewhere.)
PHP Fatal error: Uncaught Aws\S3\Exception\SignatureDoesNotMatchException: AWS Error Code: SignatureDoesNotMatch, Status Code: 403, AWS Request ID: AC629447E4FB5F27, AWS Error Type: client, AWS Error Message: The request signature we calculated does not match the signature you provided. Check your key and signing method., User-Agent: aws-sdk-php2/2.6.15 Guzzle/3.9.2 curl/7.35.0 PHP/5.5.9-1ubuntu4.3 thrown in phar:///home/k/tech/AWS/S3test/aws.phar/Aws/Common/Exception/NamespaceExceptionFactory.php on line 91
In my experience, this means that your key (key ID) or secret (key) is wrong. I got this because I blatantly pasted this info incorrectly.
This example page is actually a bad example in part because it assumes you're transitioning from API v1 to 2. I list it though, because that's where I got my info, although I had to work for it from that page. I would guess there are better examples out there.
For the record, the putObject doc.
This is not precisely on topic, but you might find you had the same potential problem. The AWS security prompts led me to realize that I still had active whole-account-access keys and X.509 certs lying around from my previous tinkering. You might want to check this: From the first AWS screen, click under your name / AWS ID and then "Security Credentials." Check all the categories, but, again, for me, it was access keys and X.509 certs I had lying around. I deactivated them, and I will likely delete them soon.
Access keys and X.509s on that screen are different than the key that gets you into your EC2. Deactivate the above rather than delete, though, log into your EC2 with your key to make 100% sure I'm right, and then you should feel ok deleting old, no-longer-used stuff.
Feel free to republish. I'd like credit, a link back to this page (if feasible and the page is still alive), and please specify if you modify and how much (minor edits, rewrite, etc).
realized problems with php tag and fixed soon after at 7:59am then minior edit at 8:00am
Page created 2014/09/05 7:29am EDT