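amazon-s3 - Enabling S3 Inventory using CloudFormation
Question
As shown in this image, I can enable inventory using the console. Is there a way to do the same thing with boto?
Update:
Here is the complete script that works!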
import boto3

s3_client = boto3.client(
    "s3",
    aws_access_key_id="XXX",
    aws_secret_access_key="XXX",
    region_name="us-east-1",
)

response = s3_client.put_bucket_inventory_configuration(
    Bucket="athenadata16",
    Id="myinventory",
    InventoryConfiguration={
        "Destination": {
            "S3BucketDestination": {
                "AccountId": "1234567890",
                "Bucket": "arn:aws:s3:::athenadata16",
                "Format": "ORC",
                "Prefix": "mypre",
            }
        },
        "IsEnabled": True,
        "Filter": {"Prefix": "myprefilter"},
        "Id": "myinventory",
        "IncludedObjectVersions": "Current",
        "OptionalFields": [
            "Size",
            "LastModifiedDate",
            "StorageClass",
            "ETag",
            "IsMultipartUploaded",
            "ReplicationStatus",
            "EncryptionStatus",
            "ObjectLockRetainUntilDate",
            "ObjectLockMode",
            "ObjectLockLegalHoldStatus",
            "IntelligentTieringAccessTier",
        ],
        "Schedule": {"Frequency": "Daily"},
    },
)
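According to the documentation, inventory can be added using CloudFormation.
Can someone provide an example?
Update 2:
After running the template below, a new bucket named "athenadata162a-bucketwithinventory-1snf1yx82si5c" was created. This is expected. Because of the BucketArn setting, the inventory destination bucket points to "athenadata162". I need it to point to the current bucket name. Is that possible?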
Resources:
  BucketWithInventory:
    Type: "AWS::S3::Bucket"
    Properties:
      InventoryConfigurations:
        -
          Destination:
            BucketAccountId: !Sub '${AWS::AccountId}'
            BucketArn: !Sub 'arn:aws:s3:::athenadata16'
            Format: CSV
            Prefix: mypre
          Enabled: true
          Id: myinventory
          IncludedObjectVersions: Current
          OptionalFields:
            - Size
            - LastModifiedDate
            - StorageClass
            - ETag
            - IsMultipartUploaded
            - ReplicationStatus
            - ObjectLockRetainUntilDate
            - ObjectLockMode
            - ObjectLockLegalHoldStatus
            - IntelligentTieringAccessTier
          Prefix: myprefilter
          ScheduleFrequency: Daily
If I change it to this, I get a circular reference error.
BucketArn: !Sub 'arn:aws:s3:::${BucketWithInventory}'
Thanks to franklinsijo's answer, here is the complete code that creates a bucket with inventory, which saves the CSV files in the same bucket.
Resources:
  BucketWithInventory:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: !Sub 'athenadata162-${AWS::AccountId}'
      InventoryConfigurations:
        -
          Destination:
            BucketAccountId: !Sub '${AWS::AccountId}'
            BucketArn: !Sub 'arn:aws:s3:::athenadata162-${AWS::AccountId}'
            Format: CSV
            Prefix: mypre
          Enabled: true
          Id: myinventory
          IncludedObjectVersions: Current
          OptionalFields:
            - Size
            - LastModifiedDate
            - StorageClass
            - ETag
            - IsMultipartUploaded
            - ReplicationStatus
            - ObjectLockRetainUntilDate
            - ObjectLockMode
            - ObjectLockLegalHoldStatus
            - IntelligentTieringAccessTier
          Prefix: myprefilter
          ScheduleFrequency: Daily
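Update 4:
When I add the inventory configuration manually, the following bucket policy is added automatically. The CloudFormation template above does not include this step, so I get an "Access Denied" error. How can I include it in the template?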
{
    "Id": "S3-Console-Auto-Gen-Policy-1585038423058",
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "S3PolicyStmt-DO-NOT-MODIFY-1585038422770",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::athenadata162-1234567890/*"
            ],
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": [
                        "arn:aws:s3:::athenadata162-1234567890"
                    ]
                },
                "StringEquals": {
                    "aws:SourceAccount": [
                        "1234567890"
                    ],
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}
Update 5
The final version of the template looks like this...
Resources:
  BucketWithInventory:
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: !Sub '${AWS::StackName}-${AWS::AccountId}'
      InventoryConfigurations:
        -
          Destination:
            BucketAccountId: !Sub '${AWS::AccountId}'
            BucketArn: !Sub 'arn:aws:s3:::${AWS::StackName}-${AWS::AccountId}'
            Format: CSV
            Prefix: mypre
          Enabled: true
          Id: myinventory
          IncludedObjectVersions: Current
          OptionalFields:
            - Size
            - LastModifiedDate
            - StorageClass
            - ETag
            - IsMultipartUploaded
            - ReplicationStatus
            - ObjectLockRetainUntilDate
            - ObjectLockMode
            - ObjectLockLegalHoldStatus
            - IntelligentTieringAccessTier
          Prefix: myprefilter
          ScheduleFrequency: Daily
  BucketPolicyForInventoryBucket:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref BucketWithInventory
      PolicyDocument:
        Statement:
          -
            Effect: Allow
            Principal:
              Service: s3.amazonaws.com
            Action:
              - s3:PutObject
            Resource:
              - !Join ["", ["arn:aws:s3:::", !Ref BucketWithInventory, "/*"]]
            Condition:
              ArnLike:
                # The source is the bucket itself, so this is the bucket ARN
                # without "/*", as in the console-generated policy above.
                aws:SourceArn:
                  - !Join ["", ["arn:aws:s3:::", !Ref BucketWithInventory]]
              StringEquals:
                aws:SourceAccount:
                  - !Sub '${AWS::AccountId}'
                s3:x-amz-acl: bucket-owner-full-control
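The following check is an added example, not part of the original post: it lints the statement that lets S3 deliver inventory reports, confirming that aws:SourceArn is the source bucket ARN and aws:SourceAccount is pinned, as in the console-generated policy above. The function names and the sample policy builder are hypothetical; the bucket and account values are the ones shown on this page.

```python
# Added example: lint the bucket-policy statement used for S3 Inventory delivery.
BUCKET, ACCOUNT = "athenadata162-1234567890", "1234567890"  # values from the policy on this page

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_inventory_policy(policy, dest_bucket, source_bucket, account_id):
    """Return findings for the first Allow statement granted to s3.amazonaws.com."""
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or "s3.amazonaws.com" not in services:
            continue
        findings, cond = [], stmt.get("Condition", {})
        if "s3:PutObject" not in _as_list(stmt.get("Action", [])):
            findings.append("s3:PutObject not granted")
        if f"arn:aws:s3:::{dest_bucket}/*" not in _as_list(stmt.get("Resource", [])):
            findings.append("Resource does not cover destination objects")
        # Strict check: the source is a bucket ARN, so an object pattern ("/*") never matches it.
        source_arns = _as_list(cond.get("ArnLike", {}).get("aws:SourceArn", []))
        if f"arn:aws:s3:::{source_bucket}" not in source_arns:
            findings.append("aws:SourceArn is not the source bucket ARN")
        accounts = _as_list(cond.get("StringEquals", {}).get("aws:SourceAccount", []))
        if accounts != [account_id]:
            findings.append("aws:SourceAccount not pinned to the owning account")
        return findings
    return ["no Allow statement for the s3.amazonaws.com service principal"]

def sample_policy(source_arn, pin_account=True):
    """Constructed sample shaped like the console-generated policy."""
    equals = {"s3:x-amz-acl": "bucket-owner-full-control"}
    if pin_account:
        equals["aws:SourceAccount"] = [ACCOUNT]
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": ["s3:PutObject"],
        "Resource": [f"arn:aws:s3:::{BUCKET}/*"],
        "Condition": {"ArnLike": {"aws:SourceArn": [source_arn]}, "StringEquals": equals},
    }]}

if __name__ == "__main__":
    good = sample_policy(f"arn:aws:s3:::{BUCKET}")
    weak = sample_policy(f"arn:aws:s3:::{BUCKET}/*", pin_account=False)
    print(check_inventory_policy(good, BUCKET, BUCKET, ACCOUNT))
    print(check_inventory_policy(weak, BUCKET, BUCKET, ACCOUNT))
```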
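Solution
The Boto3 reference lists a number of methods for working with inventory configurations, in particular:
If you ever ask yourself "can boto3 do this?", go to the boto3 documentation, find the reference for the relevant service ( https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/index.html ), and do a quick Ctrl+F on that page. Chances are boto3 can indeed do it.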