我正在尝试向 boto3 传递存储桶名称列表,并让它首先在每个存储桶上启用版本控制,然后在每个存储桶上启用生命周期策略。
我已经完成了 aws 配置,并且确实有两个配置文件,都是具有所有必要权限的当前活动用户配置文件。 我想使用的那个被命名为"默认"。
import boto3
# Create session
s3 = boto3.resource('s3')
# Bucket list
buckets = ['BUCKET-NAME']
# iterate through list of buckets
for bucket in buckets:
# Enable Versioning
bucketVersioning = s3.BucketVersioning('bucket')
bucketVersioning.enable()
# Current lifecycle configuration
lifecycleConfig = s3.BucketLifecycle(bucket)
lifecycleConfig.add_rule={
'Rules': [
{
'Status': 'Enabled',
'NoncurrentVersionTransition': {
'NoncurrentDays': 7,
'StorageClass': 'GLACIER'
},
'NoncurrentVersionExpiration': {
'NoncurrentDays': 30
}
}
]
}
# Configure Lifecycle
bucket.configure_lifecycle(lifecycleConfig)
print "Versioning and lifecycle have been enabled for buckets."
当我运行它时,出现以下错误:
Traceback (most recent call last):
File "putVersioning.py", line 27, in <module>
bucketVersioning.enable()
File "/usr/local/lib/python2.7/dist-packages/boto3/resources/factory.py", line 520, in do_action
response = action(self, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/boto3/resources/action.py", line 83, in __call__
response = getattr(parent.meta.client, operation_name)(**params)
File "/home/user/.local/lib/python2.7/site-packages/botocore/client.py", line 253, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/home/user/.local/lib/python2.7/site-packages/botocore/client.py", line 557, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutBucketVersioning operation: Access Denied
我的个人资料具有完全权限,所以这应该不是问题。传递凭据还需要执行其他操作吗?谢谢大家!
要设置版本控制状态,您必须是存储桶拥有者。
上述语句的意思是 - 要使用 PutBucketVersioning 操作来启用版本控制,您必须是存储桶的所有者。
使用以下命令检查存储桶的拥有者。如果您是存储桶的拥有者,您应该能够将版本控制状态设置为已启用/已挂起。
aws s3api get-bucket-acl --bucket yourBucketName
好的,概念任务是正确的; 但是,似乎我也通过引用一个变量在我的代码中搞砸了:
bucketVersioning = s3.BucketVersioning('bucket')
应该是
bucketVersioning = s3.BucketVersioning(bucket)