aws-sdk-php, to instantiate the IamClient, it requires you to pass in a "region". If IAM is Global, why is region required?

0

This could be a fundamental question about how IAM works, but my understanding is that IAM is global. When I create a user/role/policy through the web console, I don't specify a region. And from within IAM in the web console, region is set to "Global" (through the dropdown in the upper right corner).

But when I try to instantiate the AWS SDK for PHP - IamClient

use Aws\Iam\IamClient;
use Aws\Exception\AwsException;

$client = new IamClient([
    'profile' => $aws_profile,
    'region' => $aws_region,
    'version' => '2010-05-08'
]);

It will fail if I don't set the Region.

So why does this SDK require region to be set? Is this value used somewhere that I'm not seeing?


Sorry if this is the wrong place for this. The PHP Development forum using the AWS SDK for PHP (https://forums.aws.amazon.com/forum.jspa?forumID=80) appears to have been shutdown and it redirects to repost.aws - but I don't see any SDK specific questions here, and this won't even let me tag my question with PHP or SDK...

asked 10 months ago45 views
1 Answer
1
Accepted Answer

AWS endpoints are regional. For example here are the IAM endpoints.. You experience something similar in the S3 console, it will indicate global, but actually the buckets and objects are region-scoped, they exist in a region. The bucket name has to be unique within the partition so you don't have to specify the region in the ARN

IAM resource (user, groups, roles, policies) are partition-scoped (globally-scoped). They can be referenced, accessed, managed from any region in the partition. You will noticed that IAM resource ARNs do not specify the region.

profile picture
EXPERT
kentrad
answered 10 months ago
  • Ok, so basically, the region I set doesn't matter, just so something is set?

  • In the IAM case, yes. It uses that region value to construct/find the endpoint that it calls.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions