[Yandex Cloud documentation](../../index.md) > [Yandex Object Storage](../index.md) > [Tools](index.md) > SDK > AWS SDK for PHP

# AWS SDK for PHP


The [AWS SDK for PHP](https://aws.amazon.com/sdk-for-php/) is a software development kit for integration with AWS services.

## Getting started {#before-you-begin}

1. [Create a service account](../../iam/operations/sa/create.md).
1. [Assign to the service account the roles](../../iam/operations/sa/assign-role-for-sa.md) required for your project, e.g., [storage.editor](../security/index.md#storage-editor) for a bucket (to work with a particular bucket) or a folder (to work with all buckets in this folder). For more information about roles, see [Access management with Yandex Identity and Access Management](../security/index.md).

          
    To work with objects in an [encrypted](../concepts/encryption.md) bucket, a user or [service account](../../iam/concepts/users/service-accounts.md) must have the following [roles for the encryption key](../../kms/operations/key-access.md) in addition to the `storage.configurer` [role](../security/index.md#storage-configurer):
    
    * `kms.keys.encrypter`: To read the key, [encrypt](../../kms/security/index.md#kms-keys-encrypter) and upload objects.
    * `kms.keys.decrypter`: To read the key, [decrypt](../../kms/security/index.md#kms-keys-decrypter) and download objects.
    * `kms.keys.encrypterDecrypter`: This role includes the `kms.keys.encrypter` and `kms.keys.decrypter` [permissions](../../kms/security/index.md#kms-keys-encrypterDecrypter).
    
    For more information, see [Key Management Service service roles](../../kms/security/index.md#service-roles).


1. [Create a static access key](../../iam/operations/authentication/manage-access-keys.md#create-access-key).

    
    As a result, you will get the static access key data. To authenticate in Object Storage, you will need the following:
    
    * `key_id`: Static access key ID
    * `secret`: Secret key
    
    Save `key_id` and `secret`: you will not be able to get the key value again.



To access the HTTP API directly, you need static key authentication, which is supported by the tools listed in [Supported tools](index.md).
  
{% note info %}

You can [disable using static keys for bucket access](../operations/buckets/disable-statickey-auth.md). Once disabled, access will be denied to all tools using this access option: the AWS CLI, SDK, and third-party applications. Access via [ephemeral keys](../security/ephemeral-keys.md), [temporary Security Token Service access keys](../security/sts.md), and [pre-signed URLs](../security/overview.md#pre-signed) will also be disabled. Only access with an [IAM token](../../iam/concepts/authorization/iam-token.md) or [anonymous access](../security/public-access.md) (if enabled) will remain.

{% endnote %}


You can use Yandex Lockbox to safely store the static key for access to Object Storage. For more information, see [Using a Yandex Lockbox secret to store a static access key](../tutorials/static-key-in-lockbox/index.md).

{% note info %}

A service account is only allowed to view a list of buckets in the folder it was created in.

A service account can perform actions with objects in buckets that are created in folders different from the service account folder. To enable this, [assign](../../iam/operations/sa/assign-role-for-sa.md) the service account [roles](../security/index.md#service-roles) for the appropriate folder or its bucket.

{% endnote %}

## Installation {#installation}

To install the AWS SDK for PHP, follow the [guide](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/getting-started_index.html) on the vendor's website. We recommend using the [Composer](https://getcomposer.org/) dependency manager.

## Setup {#setup}

1. In the `.aws` directory, create a file named `credentials`, copy the credentials you [got earlier](#before-you-begin), and paste them into it:

   ```
   [default]
   aws_access_key_id = <key_ID>
   aws_secret_access_key = <secret_key>
   ```

1. If using a LAMP image from Cloud Marketplace, add the `HOME` environment variable referring to your home folder to the Apache `httpd.conf` configuration file (`apache2.conf` for Debian and Ubuntu):

   ```
   SetEnv HOME <home_folder>
   ```
   
   For more information about the location and name of the Apache configuration file for different operating systems, see the [Apache HTTP Server Wiki](https://cwiki.apache.org/confluence/display/HTTPD/DistrosDefaultLayout).

You can use the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables instead of the `.aws/credentials` file.

Use the Object Storage address to access `storage.yandexcloud.net`.

## Code snippets {#code-examples}

{% list tabs %}

- List of bucket names

  Make sure to include your project path in the `autoload.php` file's connection string:

  ```php
  <?php

  // We assume that the AWS SDK is installed via Composer

  require "<project_path>/vendor/autoload.php";
  use Aws\S3\S3Client;

  $s3 = new S3Client([
      "version" => "latest",
      "endpoint" => "https://storage.yandexcloud.net",
      "region" => "ru-central1",
  ]);

  $buckets = $s3->listBuckets();
  $bucket_count = 1;

  echo "<b>Well, here are your buckets:</b></br></br>";
  foreach ($buckets["Buckets"] as $bucket) {
      echo $bucket_count . ". " . $bucket["Name"] . "</br>";
      $bucket_count++;
  }

  ?>
  ```

{% endlist %}

See also the [code snippets](https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/s3-examples.html) and [PHP API Reference Guide](https://docs.aws.amazon.com/aws-sdk-php/v3/api/index.html) in the AWS documentation.