AWS IAM Python脚本-将新用户添加到现有组 [英] AWS IAM Python script - Add new User to existing Group

问题描述

上下文:我有一个Python脚本，可以创建一个User，决定是否以编程方式访问，并列出当前的Users组. 我的问题是我希望将新用户添加到显示的现有组之一中.

Context: I have a Python script that can create a User, decide on programmatic access or not, list the current Groups for Users. My issue is that I wish to add the new User to one of the existing, shown Groups.

我尝试了以下代码，但收到以下错误:

I have tried the code below but get the following error:

python ec2-play.py
Please enter your e-mail address: 1@1.com
Do you require programmatic access?(y/n): n
Console access only
[...list of Groups...]
1: admin-short-term
2: aws-admin
3: aws-admin-mfa
4: aws-training
Please pick a Group number: 4
You selected option 4: arn:aws:iam::xxxxxxxxxxxx:group/aws-training
Traceback (most recent call last):
  File "ec2-play.py", line 41, in <module>
    final = grp.add_user_to_group(GroupName=g, UserName=mail)
  File "/opt/axe/local/python/local/lib/python2.7/site-packages/botocore/client.py", line 314, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/opt/axe/local/python/local/lib/python2.7/site-packages/botocore/client.py", line 612, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.errorfactory.NoSuchEntityException: An error occurred (NoSuchEntity) when calling the AddUserToGroup operation: The group with name r cannot be found.

这是产生该错误输出的代码:

This the code that produces that error output:

import boto3

iam = boto3.resource('iam')
iam_keys = boto3.resource('iam')
group_list = boto3.client('iam')
attach_group = boto3.client('iam')
grp = boto3.client("iam")

mail = raw_input("Please enter your e-mail address: ")
response = iam.create_user(UserName=mail)

prog = raw_input("Do you require programmatic access?(y/n): ") 
if prog == "y":
        iam_keys.create_access_key(UserName=mail)
        print("Make sure awscli is installed on your machine")
elif prog == "n":
        print("Console access only")

list = group_list.list_groups()
groups = list['Groups']
print(groups)
index = 1

for group in groups:
        print("%d: %s" % (index, group["GroupName"]))
        index +=1

option = int(input("Please pick a Group number: "))
arn = groups[option-1]["Arn"]
print("You selected option %d: %s" % (option, arn))

var = "%s" % (arn)
var.split(":group/")[1]

g = var[1]

final = grp.add_user_to_group(GroupName=g, UserName=mail)

print("User has been added to Group %s you selected" % (g))

预期的行为::新用户将附加到选定的组.
实际行为: Python崩溃，提示找不到组r.

Expected behavior: New User gets attached the selected Group.
Actual behavior: Python crashes out saying Group r cannot be found.

推荐答案

您已经计算出选择了哪个组-这是groups列表中第option-1个元素.您可以通过常规方式检索其任何属性，例如:

You've already calculated which group was selected - it's the option-1'th element in the groups list. You can retrieve any of its attributes in the normal way, for example:

group = groups[option-1]
group_name = group["GroupName"]
group_arn = group["Arn"]

不用计算和使用g，只需使用groups[option-1][GroupName]作为组名(或如上计算的group_name).

Instead of calculating and using g, simply use groups[option-1]["GroupName"] for the group name (or group_name as calculated above).

这里的大局是，您将需要学习如何调试代码.一种在打印过程中打印出值(例如var和g)并将其与期望值进行比较的方法.源级调试器是另一种方法.

The bigger picture here is that you’re going to need to learn how to debug your code. Printing out values as you go along (var and g, for example) and comparing them to what you expected to see is one way. A source-level debugger is another way.

这篇关于AWS IAM Python脚本-将新用户添加到现有组的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！