Tar*_*ung 14 python boto amazon-web-services
我已经使用python boto模块从AWS iam成功获取了用户.
码:
import boto
from boto.iam.connection import IAMConnection
cfn = IAMConnection(aws_access_key_id='somekeyid',aws_secret_access_key ='secret_here')
data = cfn.get_all_users()
for user in data.users:
print user,"\n"
如何获取用户与之关联的组详细信息或与用户关联的权限类型?
我添加了这行代码来获取与用户关联的组,我收到了下面提到的错误.
新增代码:
group=cfn.get_groups_for_user("Shital")
print group
其中,"Shital"是存在并从上方取出的用户.出于测试目的,我手动将其传递给函数调用.
错误:
Traceback (most recent call last):
File "getuser.py", line 14, in <module>
pol=cfn.get_groups_for_user("Shita")
File "/home/tara/testinghere/IAM/env/local/lib/python2.7/site-packages/boto/iam/connection.py", line 509, in get_groups_for_user
list_marker='Groups')
File "/home/tara/testinghere/IAM/env/local/lib/python2.7/site-packages/boto/iam/connection.py", line 102, in get_response
raise self.ResponseError(response.status, response.reason, body)
boto.exception.BotoServerError: BotoServerError: 403 Forbidden
<ErrorResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<Error>
<Type>Sender</Type>
<Code>AccessDenied</Code>
<Message>User: arn:aws:iam::586848946515:user/qa-api-users is not authorized to perform: iam:ListGroupsForUser on resource: user Shita</Message>
</Error>
<RequestId>7e9a4b56-95f0-11e7-9bb0-8b8eb22708c5</RequestId>
</ErrorResponse>
使用具有适当权限的凭据对于此查询的工作至关重要。正如 code_onkel 指出的那样,根据需要分配 IAMFullAccess 或 AdministratorAccess 以成功完成交易是有意义的。
| 归档时间: |
|
| 查看次数: |
418 次 |
| 最近记录: |