在我们的aws帐户中,我们有大约1000个S3 bucket,每个S3 bucket都有对应于应用程序名称的标记(例如,key=application,value=app1)。我试图找出一个特定应用程序拥有多少S3存储桶。因此,首先得到所有S3 bucket的列表;然后遍历该列表以匹配“app1”的标记值。这应该很简单,但由于某些原因,它给出了“AccessDenied when calling GetBucketTagging operation”错误。我验证了我假设的IAM角色对GetBucketTagging有权限
1)获得了使用凭据的s3 bucket的列表(我假设是IAM角色) 2) 遍历列表并尝试匹配标记的key,value对(key=application,value=application1)
import boto3
client = boto3.client('s3')
buckets = client.list_buckets()['Buckets']
matching_buckets = []
# tag key and value to search for
tag_key = 'application'
tag_value = 'app1'
for bucket in buckets:
tags = client.get_bucket_tagging(Bucket=bucket['Name'])['TagSet']
for tag in tags:
if tag['Key'] == tag_key and tag['Value'] == tag_value:
matching_buckets.append(bucket['Name'])
import boto3
s3 = boto3.client('s3')
app = "app1"
bucketlist = s3.list_buckets()['Buckets']
print(len(bucketlist))
bucketname = []
n=0
#iterate thru the list of {Name, CreationDate} to get all the bucket names and append to empty list
def bucket_tagging_method(b,app):
mybucketlist = []
bucket_tagging = s3.get_bucket_tagging(Bucket=b)
tag_set = bucket_tagging['TagSet']
for tag in tag_set:
if (tag['Key'] == "application") and (tag['Value'] == app) :
mybucketlist.append(b)
pass
return(mybucketlist)
while n < len(bucketlist):
d = bucketlist[n]
bucketname.append(d['Name'])
n+=1
for i in bucketname:
print(bucket_tagging_method(i,app))
它给出了以下错误
tags = client.get_bucket_tagging(Bucket=bucket['Name'])['TagSet']
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketTagging operation: Access Denied
相关问题 更多 >
编程相关推荐