How to get IAM Policy Document via boto


Question

I am trying to get the details of an AWS IAM policy via boto to be able to back up or replicate IAM policies via script. I have searched the docs of boto 2 and 3 but did not find any possibility to get the JSON data of a configured policy.

What I (successfully) did:

  • Created a policy via the IAM Management Console
  • Assigned it to a role
  • Used it to create EC2 instances via boto

But I cannot find a way to retrieve the associated JSON data ('Policy Document' in Management Console) to get it in boto.

What I tried with boto:

import boto.iam

REGION_NAME = 'eu-west-1'
iam_conn = boto.iam.connect_to_region(REGION_NAME)
arn = 'arn:myproperlyformattedarn'
# get_policy() returns the policy's metadata only, not its JSON document
p = iam_conn.get_policy(arn)
print(p)

Result:

{
    "get_policy_response": {
        "response_metadata": {
            "request_id": "XXXXX-XXXX-XXXX-XXXX-XXXX"
        },
        "get_policy_result": {
            "policy": {
                "update_date": "2016-04-15T12:51:21Z",
                "create_date": "2016-04-15T12:51:21Z",
                "is_attachable": "true",
                "policy_name": "My_Policy_Name",
                "default_version_id": "v1",
                "attachment_count": "1",
                "path": "/",
                "arn": "arn:aws:iam::123456789:policy/VerticaTest_GetConfigsFromS3",
                "policy_id": "XXXSOMELONGSTRINGXXXX"
            }
        }
    }
}

What I am after is something like this (the policy document in Management Console):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::mybucketname",
                "arn:aws:s3:::mybucketname/*"
            ]
        }
    ]
}

Recommended answer

Please switch to boto3 as there is better support and documentation. As per the boto3 documentation, get_policy() doesn't give you the policy document.

The best I can get is get_account_authorization_details()

http://boto3.readthedocs.org/en/latest/reference/services/iam.html#IAM.Client.get_account_authorization_details

I did a quick check under the CLI; just substitute all the commands with boto3 and you are all good to go.

aws iam get-account-authorization-details --filter 'LocalManagedPolicy'
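
The approach from the answer written out in boto3, as an added example that is not part of the original answer: it pulls the default-version document of each customer managed policy from get_account_authorization_details() pages. The helper names, the sample page and its ARNs are constructed for illustration; the sample lets the extraction logic run without AWS access.

```python
import json
from urllib.parse import unquote

def default_policy_documents(pages):
    """Map policy ARN -> default-version document, given response pages
    of get_account_authorization_details (hypothetical helper)."""
    docs = {}
    for page in pages:
        for policy in page.get("Policies", []):
            for version in policy.get("PolicyVersionList", []):
                if not version.get("IsDefaultVersion"):
                    continue  # only the default version is in effect
                doc = version["Document"]
                if isinstance(doc, str):
                    # The IAM API returns documents URL-encoded (RFC 3986);
                    # boto3 normally decodes them to a dict, so accept both.
                    doc = json.loads(unquote(doc))
                docs[policy["Arn"]] = doc
    return docs

def fetch_pages():
    """Live call: needs boto3 and credentials permitted to call
    iam:GetAccountAuthorizationDetails (hypothetical helper)."""
    import boto3
    paginator = boto3.client("iam").get_paginator(
        "get_account_authorization_details")
    return paginator.paginate(Filter=["LocalManagedPolicy"])

# Constructed sample page (not real account data).
ARN_A = "arn:aws:iam::123456789012:policy/My_Policy_Name"
ARN_B = "arn:aws:iam::123456789012:policy/Encoded_Example"
SAMPLE_PAGE = {"Policies": [
    {"Arn": ARN_A, "DefaultVersionId": "v2", "PolicyVersionList": [
        {"VersionId": "v2", "IsDefaultVersion": True, "Document": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "s3:*",
                           "Resource": ["arn:aws:s3:::mybucketname",
                                        "arn:aws:s3:::mybucketname/*"]}]}},
        {"VersionId": "v1", "IsDefaultVersion": False,
         "Document": {"Version": "2012-10-17", "Statement": []}}]},
    {"Arn": ARN_B, "DefaultVersionId": "v1", "PolicyVersionList": [
        {"VersionId": "v1", "IsDefaultVersion": True, "Document":
         "%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%5B%5D%7D"}]},
]}

if __name__ == "__main__":
    # Replace [SAMPLE_PAGE] with fetch_pages() to read a real account.
    for arn, doc in default_policy_documents([SAMPLE_PAGE]).items():
        print(arn)
        print(json.dumps(doc, indent=4))
```

Writing each document to a file named after its ARN gives the backup the question asks for; a backup taken this way holds every permission granted in the account, so store it with the same access controls as the IAM configuration itself.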
