1 # Akeeba Amazon S3 Connector
3 A compact, dependency-less Amazon S3 API client implementing the most commonly used features
5 ## Why reinvent the wheel
7 After having a lot of impossible to debug problems with Amazon's Guzzle-based AWS SDK we decided to roll our own connector for Amazon S3. This is by no means a complete implementation, just a small subset of S3's features which are required by our software. The design goals are simplicity, no external dependencies and a low memory footprint.
9 This code was originally based on [S3.php written by Donovan Schonknecht](http://undesigned.org.za/2007/10/22/amazon-s3-php-class) which is available under a BSD-like license. This repository no longer reflects the original author's work and should not be confused with it.
11 This software is distributed under the GNU General Public License version 3 or, at your option, any later version published by the Free Software Foundation (FSF). In short, it's GPL-3.0-or-later, as noted in composer.json.
13 ## Important notes about version 2
15 ### PHP version support since 2.0
17 Akeeba Amazon S3 Connector version 2 has dropped support for PHP 5.3 to 7.0 inclusive.
19 The most significant change in this version is that all methods use scalar type hints for parameters and return values. This _may_ break existing consumers which relied on implicit type conversion.
21 ### Namespace change since 2.3
23 Up to and including version 2.2 of the library, the namespace was `\Akeeba\Engine\Postproc\Connector\S3v4`. From version 2.3 of the library the namespace has changed to `\Akeeba\S3`.
25 The library automatically registers aliases of the old classes to the new ones, thus ensuring updating the library will not introduce backwards incompatible changes. This is why it's not a major version update. Aliases will remain in place until at least version 3.0 of the library.
27 ## Using the connector
29 You need to define a constant before using or referencing any class in the library:
32 defined('AKEEBAENGINE') or define('AKEEBAENGINE', 1);
35 All library files have a line similar to
38 defined('AKEEBAENGINE') or die();
41 to prevent direct access to the libraries files. This is intentional. The primary use case for this library is mass-distributed software which gets installed in a publicly accessible subdirectory of the web root. This line prevents any accidental path disclosure from PHP error messages if someone were to access these files directly on misconfigured servers.
43 If you are writing a Joomla extension, especially a plugin or module, please _always_ check if the constant has already been defined before defining it yourself. Thank you!
45 ### Get a connector object
48 $configuration = new \Akeeba\S3\Configuration(
49 'YourAmazonAccessKey',
53 $connector = new \Akeeba\S3\Connector($configuration);
56 If you are running inside an Amazon EC2 instance you can fetch temporary credentials from the instance's metadata
57 server using the IAM Role attached to the EC2 instance. In this case you need to do this (169.254.169.254 is a fixed
58 IP hosting the instance's metadata cache service):
61 $role = file_get_contents('http://169.254.169.254/latest/meta-data/iam/security-credentials/');
62 $jsonCredentials = file_get_contents('http://169.254.169.254/latest/meta-data/iam/security-credentials/' . $role);
63 $credentials = json_decode($jsonCredentials, true);
64 $configuration = new \Akeeba\S3\Configuration(
65 $credentials['AccessKeyId'],
66 $credentials['SecretAccessKey'],
70 $configuration->setToken($credentials['Token']);
72 $connector = new \Akeeba\S3\Connector($configuration);
75 where `$yourRegion` is the AWS region of your bucket, e.g. `us-east-1`. Please note that we are passing the security
76 token (`$credentials['Token']`) to the Configuration object. This is REQUIRED. The temporary credentials returned by
77 the metadata service won't work without it.
79 Another point worth noting is that the temporary credentials don't last forever. Check the `$credentials['Expiration']` to see
80 when they are about to expire. Amazon recommends that you retry fetching new credentials from the metadata service
81 10 minutes before your cached credentials are set to expire. The metadata service is guaranteed to provision fresh
82 temporary credentials by that time.
87 $listing = $connector->listBuckets(true);
90 Returns an array like this:
97 string(64) "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
99 string(8) "someUserName"
106 string(10) "mybucket"
113 string(10) "anotherbucket"
120 string(11) "differentbucket"
128 ### Listing bucket contents
131 $listing = $connector->getBucket('mybucket', 'path/to/list/');
134 If you want to list "subdirectories" you need to do
137 $listing = $connector->getBucket('mybucket', 'path/to/list/', null, null, '/', true);
140 The last parameter (common prefixes) controls the listing of "subdirectories"
142 ### Uploading (small) files
147 $input = \Akeeba\S3\Input::createFromFile($sourceFile);
148 $connector->putObject($input, 'mybucket', 'path/to/myfile.txt');
154 $input = \Akeeba\S3\Input::createFromData($sourceString);
155 $connector->putObject($input, 'mybucket', 'path/to/myfile.txt');
158 From a stream resource:
161 $input = \Akeeba\S3\Input::createFromResource($streamHandle, false);
162 $connector->putObject($input, 'mybucket', 'path/to/myfile.txt');
165 In all cases the entirety of the file has to be loaded in memory.
167 ### Uploading large file with multipart (chunked) uploads
169 Files are uploaded in 5Mb chunks.
172 $input = \Akeeba\S3\Input::createFromFile($sourceFile);
173 $uploadId = $connector->startMultipart($input, 'mybucket', 'mypath/movie.mov');
181 // IMPORTANT: You MUST create the input afresh before each uploadMultipart call
182 $input = \Akeeba\S3\Input::createFromFile($sourceFile);
183 $input->setUploadID($uploadId);
184 $input->setPartNumber(++$partNumber);
186 $eTag = $connector->uploadMultipart($input, 'mybucket', 'mypath/movie.mov');
193 while (!is_null($eTag));
195 // IMPORTANT: You MUST create the input afresh before finalising the multipart upload
196 $input = \Akeeba\S3\Input::createFromFile($sourceFile);
197 $input->setUploadID($uploadId);
198 $input->setEtags($eTags);
200 $connector->finalizeMultipart($input, 'mybucket', 'mypath/movie.mov');
203 As long as you keep track of the UploadId, PartNumber and ETags you can have each uploadMultipart call in a separate
204 page load to prevent timeouts.
206 ### Get presigned URLs
208 Allows browsers to download files directly without exposing your credentials and without going through your server:
211 $preSignedURL = $connector->getAuthenticatedURL('mybucket', 'path/to/file.jpg', 60);
214 The last parameter controls how many seconds into the future this URL will be valid.
218 To a file with absolute path `$targetFile`
221 $connector->getObject('mybucket', 'path/to/file.jpg', $targetFile);
227 $content = $connector->getObject('mybucket', 'path/to/file.jpg', false);
233 $connector->deleteObject('mybucket', 'path/to/file.jpg');
236 ### Test if an object exists
241 $headers = $connector->headObject('mybucket', 'path/to/file.jpg');
244 catch (\Akeeba\S3\Exception\CannotGetFile $e)
251 The `$headers` variable contains an array with the S3 headers returned by the [HeadObject(https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadObject.html) API call. The header keys are always in lowercase. Please note that _not all_ of the headers Amazon describes in their documentation are returned in every request.
253 ## Configuration options
255 The Configuration option has optional methods which can be used to enable some useful features in the connector.
257 You need to execute these methods against the Configuration object before passing it to the Connector's constructor. For example:
260 $configuration = new \Akeeba\S3\Configuration(
261 'YourAmazonAccessKey',
262 'YourAmazonSecretKey'
265 // Use v4 signatures and Dualstack URLs
266 $configuration->setSignatureMethod('v4');
267 $configuration->setUseDualstackUrl(true);
269 $connector = new \Akeeba\S3\Connector($configuration);
272 ### HTTPS vs plain HTTP
274 **It is not recommended to use plain HTTP connections to Amazon S3**. If, however, you have no other option you can tell the Configuration object to use plain HTTP URLs:
277 $configuration->setSSL(false);
282 You can use the Akeeba Amazon S3 Connector library with S3-compatible APIs such as DigitalOcean's Spaces by changing the endpoint URL.
284 Please note that if the S3-compatible APi uses v4 signatures you need to enter the region-specific endpoint domain name and the region when initializing the object, e.g.:
287 // DigitalOcean Spaces using v4 signatures
288 // The access credentials are those used in the example at https://developers.digitalocean.com/documentation/spaces/
289 $configuration = new \Akeeba\S3\Configuration(
290 '532SZONTQ6ALKBCU94OU',
291 'zCkY83KVDXD8u83RouEYPKEm/dhPSPB45XsfnWj8fxQ',
295 $configuration->setEndpoint('nyc3.digitaloceanspaces.com');
297 $connector = new \Akeeba\S3\Connector($configuration);
300 If your S3-compatible API uses v2 signatures you do not need to specify a region.
303 // DigitalOcean Spaces using v2 signatures
304 // The access credentials are those used in the example at https://developers.digitalocean.com/documentation/spaces/
305 $configuration = new \Akeeba\S3\Configuration(
306 '532SZONTQ6ALKBCU94OU',
307 'zCkY83KVDXD8u83RouEYPKEm/dhPSPB45XsfnWj8fxQ',
310 $configuration->setEndpoint('nyc3.digitaloceanspaces.com');
312 $connector = new \Akeeba\S3\Connector($configuration);
315 ### Legacy path-style access
317 The S3 API calls made by this library will use by default the subdomain-style access. That is to say, the endpoint will be prefixed with the name of the bucket. For example, a bucket called `example` in the `eu-west-1` region will be accessed using the endpoint URL `example.s3.eu-west-1.amazonaws.com`.
319 If you have buckets with characters that are invalid in the context of DNS (most notably dots and uppercase characters) this will fail. You will need to use the legacy path style instead. In this case the endpoint used is the generic region specific one (`s3.eu-west-1.amazonaws.com` in our example above) and the API URL will be prefixed with the bucket name.
323 $configuration->setUseLegacyPathStyle(true);
326 Caveat: this will not work with v2 signatures if you are using Amazon AWS S3 proper. It will very likely work with the v2 signatures if you are using a custom endpoint, though.
328 ### Dualstack (IPv4 and IPv6) support
330 Amazon S3 supports dual-stack URLs which resolve to both IPv4 and IPv6 addresses. By default they are _not_ used. If you want to enable this feature you need to do:
333 $connector->setUseDualstackUrl(true);
336 Caveat: this option only takes effect if you are using Amazon S3 proper. It will _not_ have any effect with custom endpoints.