I have a problem using the AWS PHP SDK: when calling AssumeRole from the Apache server (PHP SDK), the following error appears:
Error executing "AssumeRole" on "https://sts.amazonaws.com";
AWS HTTP error: Client error: `POST https://sts.amazonaws.com` resulted in a `403 Forbidden`
response: Sender AccessDeni (truncated...) AccessDenied (client): Access denied - Sender AccessDenied Access denied
I tested the command to assume the role on the same EC2 machine using the AWS CLI and it works fine.
Here is the code that I used:
const AccessKey = "<AccessKey>";
const SecretAccessKey = "<SecretAccessKey>";
const AccountID = "<AccountID>";
const Name_space = "default"; // leave this as default

use Aws\Sts\StsClient;
use Aws\Sts\Exception\StsException;

try {
    $sts = new Aws\Sts\StsClient([
        'region' => 'us-east-1',
        'version' => 'latest',
        'credentials ' => array('key' => AccessKey,
                                'secret' => SecretAccessKey)
    ]);
    $session = $sts->assumeRole([
        'DurationSeconds' => 900,
        'RoleArn' => '<arn>', // REQUIRED
        'RoleSessionName' => 'testSession', // REQUIRED
    ]);
} catch (Exception $e) {
    exit($e->getMessage());
}
--EDITED to add the following--
The user does have a policy to assume the role:
{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "<role arn>"
    }
}
And this is the trust relationship for the role:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com",
                "AWS": "<user arn>"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
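When the CLI and an SDK behave differently on the same host, a useful check is to compare the ARN each one reports from `sts:GetCallerIdentity` against the principals the role's trust relationship names. The following is an added example, not part of the original question or answer: a simplified matcher (it ignores `Condition` blocks and `Deny` statements) run over the trust relationship above, with a constructed account ID, user name and role name standing in for the placeholders.

```python
import json

# Constructed sample: the trust relationship from the question, with a
# placeholder account id and user name standing in for "<user arn>".
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com",
                  "AWS": "arn:aws:iam::111122223333:user/example-user"},
    "Action": "sts:AssumeRole"
  }]
}""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def trusted_aws_principals(policy):
    """AWS principals that Allow statements name for sts:AssumeRole."""
    found = set()
    for stmt in _as_list(policy["Statement"]):
        actions = set(_as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        # "Service" entries are skipped: they let the service itself assume the
        # role (instance profiles) and are never compared with a caller ARN.
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        found.update(aws)
    return found


def caller_is_trusted(policy, caller_arn):
    """Simplified match of a GetCallerIdentity ARN against the trust policy."""
    _, partition, _, _, account, resource = caller_arn.split(":", 5)
    candidates = {"*", caller_arn, account, f"arn:{partition}:iam::{account}:root"}
    if resource.startswith("assumed-role/"):
        # A role session matches through its role ARN (role paths are not
        # present in the session ARN, so roles with a path are not handled).
        role_name = resource.split("/")[1]
        candidates.add(f"arn:{partition}:iam::{account}:role/{role_name}")
    return bool(candidates & trusted_aws_principals(policy))
```

Called with the IAM user's ARN it returns `True`; called with an instance-role session ARN such as `arn:aws:sts::111122223333:assumed-role/example-instance-role/i-0123456789abcdef0` (constructed) it returns `False`.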
Open role in AWS console > Trust Relationship. Click on "Edit Trust Relationship" and paste the following