AWS SDK for PHP

Document

https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/getting-started_installation.html

composer require aws/aws-sdk-php

API Reference

https://docs.aws.amazon.com/aws-sdk-php/v3/api/index.html

https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.Sdk.html

Sample Code

use Aws\Exception\AwsException;
use Aws\Lambda\LambdaClient;
use Aws\S3\S3Client;

// The same options that can be provided to a specific client constructor can also be supplied to the Aws\Sdk class.
// Use the us-west-2 region and latest version of each client.
$sharedConfig = [
    'region' => 'us-west-2',
    'version' => 'latest'
];

// Create an SDK class used to share configuration across clients.
$sdk = new Aws\Sdk($sharedConfig);

// Create an Amazon S3 client using the shared configuration data.
$client = $sdk->createS3();
$client = $sdk->createLambda();

Configuration for the AWS SDK for PHP Version 3

https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_index.html

$s3Client = new S3Client([
    'version'     => 'latest',
    'region'      => 'us-west-2',
    'credentials' => [
        'key'    => 'my-access-key-id',
        'secret' => 'my-secret-access-key',
    ],
]);

Lambda Client

https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.Lambda.LambdaClient.html

執行時可能會權限問題,要在Lambda console中加入Root帳號的權限. 另外測試有發生奇怪的問題,明明應該是用root, 但錯誤訊息卻說 “arn:aws:iam::12341234:user/s3-bucket-user-20210120 is not authorized” 目前無解,硬把這個User加入Lambda的Policy就好了。

"message": "Error executing \"Invoke\" on \"https://lambda.ap-northeast-1.amazonaws.com/2015-03-31/functions/arn%3Aaws%3Alambda%3Aap-northeast-1%3A146960510302%3Afunction%3AVODLambdaConvert%3A2/invocations?Qualifier=2\"; AWS HTTP error: Client error: `POST https://lambda.ap-northeast-1.amazonaws.com/2015-03-31/functions/arn%3Aaws%3Alambda%3Aap-northeast-1%3A146960510302%3Afunction%3AVODLambdaConvert%3A2/invocations?Qualifier=2` resulted in a `403 Forbidden` response:\n{\"Message\":\"User: arn:aws:iam::146960510302:user/s3-bucket-user-20210120 is not authorized to perform: lambda:InvokeFunc (truncated...)\n AccessDeniedException (client): User: arn:aws:iam::146960510302:user/s3-bucket-user-20210120 is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:ap-northeast-1:146960510302:function:VODLambdaConvert:2 - {\"Message\":\"User: arn:aws:iam::146960510302:user/s3-bucket-user-20210120 is not authorized to perform: lambda:InvokeFunction on resource: arn:aws:lambda:ap-northeast-1:146960510302:function:VODLambdaConvert:2\"}",
    "exception": "Aws\\Lambda\\Exception\\LambdaException",
    "file": "D:\\ww

組態 -> 許可 -> 基於資源的政策

Lambda的function至少也要有一個完整的版本

完整sample code

use Aws\Exception\AwsException;
use Aws\Sdk;
use Aws\S3\S3Client;
use Aws\Lambda\LambdaClient;

public function invoke_lambda(){
	$event = Storage::get('lambda_event_template.json');
	$event = json_decode($event);
	//logg($event);

	$sharedConfig = [
		'region' => 'ap-northeast-1',
		'version' => 'latest', 
		'credentials' => [
			'key'    => env('AWS_ACCESS_KEY_ID'),
			'secret' => env('AWS_SECRET_ACCESS_KEY'),
		],
	];
	//logg($sharedConfig);

	// Create an SDK class used to share configuration across clients.
	$sdk = new Sdk($sharedConfig);

	// Create an Amazon S3 client using the shared configuration data.
	$client = $sdk->createLambda();

	$result = $client->invoke([
		'ClientContext' => '',
		'FunctionName' => '<Function ARN>', // REQUIRED
		'InvocationType' => 'Event',
		'LogType' => 'Tail',
		'Payload' => json_encode($event),
		'Qualifier' => '1',//版本號
	]);

	logg($result);
}