我试图通过boto获取aws IAM策略的详细信息,以便能够通过脚本备份或复制IAM策略.我搜索了boto 2和3的文档,但没有找到任何获取已配置策略的json数据的可能性.
我(成功)做了什么:
但我找不到一种方法来检索关联的JSON数据(管理控制台中的"策略文档")以获取它.
我用boto试过的:
import boto.iam
REGION_NAME = 'eu-west-1'
iam_conn = boto.iam.connect_to_region(REGION_NAME)
arn = 'arn:myproperlyformattedarn'
p = iam_conn.get_policy(arn)
print p
结果:
{
"get_policy_response": {
"response_metadata": {
"request_id": "XXXXX-XXXX-XXXX-XXXX-XXXX"
},
"get_policy_result": {
"policy": {
"update_date": "2016-04-15T12:51:21Z",
"create_date": "2016-04-15T12:51:21Z",
"is_attachable": "true",
"policy_name": "My_Policy_Name",
"default_version_id": "v1",
"attachment_count": "1",
"path": "/",
"arn": "arn:aws:iam::123456789:policy/VerticaTest_GetConfigsFromS3",
"policy_id": "XXXSOMELONGSTRINGXXXX"
}
}
}
}
我所追求的是这样的事情(管理控制台中的政策文件):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::mybucketname",
"arn:aws:s3:::mybucketname/*"
]
}
]
}