AWS Core for the XP Framework

v2.7.0 2024-10-15 21:27 UTC

README

Build status on GitHub XP Framework Module BSD Licence Requires PHP 7.0+ Supports PHP 8.0+ Latest Stable Version

Provides common AWS functionality in a low-level and therefore lightweight library (less than 3% of the size of the official PHP SDK!)

Invoking a lambda

use com\amazon\aws\{Credentials, ServiceEndpoint};
use util\Secret;
use util\cmd\Console;
use util\log\Logging;

$credentials= new Credentials($accessKey, new Secret($secretKey));

$api= (new ServiceEndpoint('lambda', $credentials))->in('eu-central-1')->version('2015-03-31');
$api->setTrace(Logging::all()->toConsole());

$r= $api->resource('/functions/greet/invocations')->transmit(['name' => getenv('USER')]);

Console::writeLine($r);
Console::writeLine($r->value());

Credential providers

AWS credentials are stored in various places, depending on the runtime environment. The CredentialProvider class supports the following:

  • Environment variables: Uses AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and (if present) AWS_SESSION_TOKEN
  • Shared credentials and config files: Reads credentials from ~/.aws/config and (if present) ~/.aws/credentials (honoring alternative locations set via environment variables)
  • SSO: Uses configured SSO and the cached credentials created by AWS CLI's login command, including SSO session support
  • Amazon ECS container credentials: Uses the container API to fetch (and refresh, if necessary) the credentials

See https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html

Sharing a S3 resource

The following creates a pre-signed link which is valid for 3 minutes:

use com\amazon\aws\{ServiceEndpoint, CredentialProvider};
use util\cmd\Console;

$s3= (new ServiceEndpoint('s3', CredentialProvider::default()))
  ->in('eu-central-1')
  ->using('my-bucket')
;
$link= $s3->sign('/path/to/resource.png', timeout: 180);

Console::writeLine($link);

Streaming uploads to S3

S3 doesn't double-encode its paths when signing them (see aws/aws-sdk-php#633), pass S3Key instances to support arbitrary filenames:

use com\amazon\aws\api\SignatureV4;
use com\amazon\aws\{ServiceEndpoint, CredentialProvider, S3Key};
use io\File;
use util\cmd\Console;

$s3= (new ServiceEndpoint('s3', CredentialProvider::default()))
  ->in('eu-central-1')
  ->using('my-bucket')
;

$file= new File($argv[1]);
$file->open(File::READ);

try {
  $transfer= $s3->resource(new S3Key('target', $file->filename))->open('PUT', [
    'x-amz-content-sha256' => SignatureV4::UNSIGNED, // Or calculate from file
    'Content-Type'         => 'text/plain',
    'Content-Length'       => $file->size(),
  ]);
  while (!$file->eof()) {
    $transfer->write($file->read());
  }
  $response= $transfer->finish();

  Console::writeLine($response);
} finally {
  $file->close();
}

Streaming responses from Bedrock AI models

See https://docs.aws.amazon.com/bedrock/latest/APIReference/API_runtime_ConverseStream.html:

use com\amazon\aws\{ServiceEndpoint, CredentialProvider};
use util\cmd\Console;

$model= 'anthropic.claude-3-5-sonnet-20240620-v1:0';
$runtime= (new ServiceEndpoint('bedrock', CredentialProvider::default()))
  ->using('bedrock-runtime.')
  ->in('eu-central-1')
;

$response= $runtime->resource('/model/{0}/converse-stream', [$model])->transmit([
  'system' => [['text' => 'Use informal language']],
  'messages' => [
    ['role' => 'user', 'content' => [['text' => $argv[1]]]],
  ],
  'inferenceConfig' => [
    'maxTokens'   => 1000,
    'temperature' => 0.5,
  ],
]);
foreach ($response->events() as $event) {
  Console::writeLine($event->header(':event-type'), ': ', $event->value());
}

See also