如何通过Boto获取IAM策略文档 [英] How to get IAM Policy Document via boto
问题描述
我正在尝试通过boto获取aws IAM策略的详细信息,以便能够通过脚本备份或复制IAM策略.我已经搜索了boto 2和boto 3的文档,但没有发现任何获取已配置策略的json数据的可能性.
I am trying to get the details of a aws IAM Policy via boto to be able to backup or replicate IAM policies via script. I have searched the docs of boto 2 and 3 but did not find any possibility to get the json data of a configured policy.
我(成功地)做了什么:
What I (successfully) did:
- 通过IAM管理控制台创建策略
- 将其分配给角色
- 将其用于通过boto创建ec2实例
但是我找不到一种方法来检索关联的JSON数据(管理控制台中的策略文档")以将其保存到boto中.
But I cannot find a way to retrieve the associated JSON data ('Policy Document' in Management Console) to get it in boto.
我尝试了boto:
import boto.iam
REGION_NAME = 'eu-west-1'
iam_conn = boto.iam.connect_to_region(REGION_NAME)
arn = 'arn:myproperlyformattedarn'
p = iam_conn.get_policy(arn)
print p
结果:
{
"get_policy_response": {
"response_metadata": {
"request_id": "XXXXX-XXXX-XXXX-XXXX-XXXX"
},
"get_policy_result": {
"policy": {
"update_date": "2016-04-15T12:51:21Z",
"create_date": "2016-04-15T12:51:21Z",
"is_attachable": "true",
"policy_name": "My_Policy_Name",
"default_version_id": "v1",
"attachment_count": "1",
"path": "/",
"arn": "arn:aws:iam::123456789:policy/VerticaTest_GetConfigsFromS3",
"policy_id": "XXXSOMELONGSTRINGXXXX"
}
}
}
}
我所追求的是这样的东西(管理控制台中的策略文档):
What I am after is something like this (the policy document in Management Console):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::mybucketname",
"arn:aws:s3:::mybucketname/*"
]
}
]
}
推荐答案
由于有更好的支持和文档,请切换到boto3.像boto3文档中一样,get_policy()不会为您提供policydocument.
Please switch to boto3 as there is better support and documentation. As in boto3 documentation, get_policy() doesn't give you policydocument.
我能得到的最好的是get_account_authorization_details()
The best I can get is get_account_authorization_details()
我在cli下进行了快速检查,只需将所有命令替换为boto3,那么一切都很好.
I did a quick check under cli, just substitute all the command to boto3 then you are all good to go.
aws iam get-account-authorization-details --filter 'LocalManagedPolicy'
这篇关于如何通过Boto获取IAM策略文档的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!