Menu
I am trying to shift from python boto to the newer boto3 module, for manipulating files on Amazon S3.
I also need to use Amazon IAM roles, as I did with the old boto module. I am not sure how the IAM role is set up on the server, but all I had to do is:
s3_conn = S3Connection()
and I would get access to all the buckets that the server has access to.
This seems to be different in boto3:
s3 = boto3.resource('s3')
for bucket in s3.buckets.all():
print(bucket.name)
I get an error:
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/boto3/resources/collection.py", line 83, in __iter__
for page in self.pages():
File "/usr/local/lib/python2.7/dist-packages/boto3/resources/collection.py", line 161, in pages
pages = [getattr(client, self._py_operation_name)(**params)]
File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 310, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 407, in _make_api_call
raise ClientError(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied
I am going through boto3 documentation, but I am not sure what I need to do to set up the IAM roles:
http://boto3.readthedocs.org/en/latest/
404
To assume a role, an application calls the AWS STS AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. This session has the same permissions as the identity-based policies for that role.
You will need the s3:ListBucket permission in your policy for all relevant buckets. You can find a full list of S3 policy conditions here.
103
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
