堆栈内存溢出
  简体   繁体   English

如何在 python boto3 中获取 iam 用户的 aws 托管策略的策略文档?

[英]How to get policy document for aws managed policy of a iam user in python boto3?

 原文  2020-07-08 13:04:34       python-3.x/ amazon-web-services/ boto3/ amazon-iam/ policy

问题描述

I'm able to retrieve the policy document for inline policies by "get_user_policy()" client.我可以通过“get_user_policy()”客户端检索内联策略的策略文档。 Is there any way to retrieve policy documents for AWS managed policies of IAM user..?有什么方法可以检索 IAM 用户的 AWS 托管策略的策略文档..?

import boto3
client = boto3.client('iam')
policy = iam.get_user_policy(UserName="<string>",PolicyName = "<string>")
doc = dict((k,response[k]) for k in ['PolicyDocument']if k in policy)
print(doc)

It seems like we can get a policy document of managed policy using its arn.似乎我们可以使用它的 arn 来获取托管策略的策略文档。 But I'm not sure how to get arn for all the managed policies which were attached to particular IAM user.但我不确定如何获取附加到特定 IAM 用户的所有托管策略的 arn。

So, How to get the policy document for aws managed policy of iam user in python?那么,如何在 python 中获取iam 用户的 aws 托管策略的策略文档

Thanks in advance.提前致谢。

2 个解决方案

解决方案1
 0  2020-07-08 19:00:33

解决方案2
 0 已采纳  2020-07-10 22:43:04

I have created one user called test1 and attached IAMReadOnlyAccess and PowerUserAccess.我创建了一个名为 test1 的用户并附加了 IAMReadOnlyAccess 和 PowerUserAccess。 The catch was ARN difference for AWS managed policy and customer managed policy.问题是 AWS 托管策略和客户托管策略的 ARN 差异。 For more info. 欲了解更多信息。

import boto3

iam_res = boto3.resource('iam')
user = iam_res.User('test1')

policy_iterator = user.attached_policies.all()

for each in policy_iterator:
    if each.arn.startswith('arn:aws:iam::aws'):
        print(each.default_version.document)

Here is the output.这是 output。

{'Statement': [{'Action': ['iam:GenerateCredentialReport',
                           'iam:GenerateServiceLastAccessedDetails',
                           'iam:Get*',
                           'iam:List*',
                           'iam:SimulateCustomPolicy',
                           'iam:SimulatePrincipalPolicy'],
                'Effect': 'Allow',
                'Resource': '*'}],
 'Version': '2012-10-17'}
{'Statement': [{'Effect': 'Allow',
                'NotAction': ['iam:*', 'organizations:*', 'account:*'],
                'Resource': '*'},
               {'Action': ['iam:CreateServiceLinkedRole',
                           'iam:DeleteServiceLinkedRole',
                           'iam:ListRoles',
                           'organizations:DescribeOrganization',
                           'account:ListRegions'],
                'Effect': 'Allow',
                'Resource': '*'}],
 'Version': '2012-10-17'}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 boto3 列出附加到角色的 AWS 托管策略 - How to list AWS managed policy attached to a role using boto3 策略中的 AWS Boto3 语法错误 - AWS Boto3 Syntax errors in policy 如何使用 boto3 从 IAM CreateRole 事件的 cloudtrail 事件中提取角色名称、策略 - How to extract rolename, policy from cloudtrail event for IAM CreateRole event using boto3 无法删除 AWS 角色策略 - 使用 Boto3 的 NoSuchEntity - Unable to delete AWS Role Policy - NoSuchEntity with Boto3 在boto3 get_policy_versions中使用通配符 - Using wildcards in boto3 get_policy_versions 如何通过 boto3 获取 AWS 的配额? - How to get quotas of AWS via boto3? 无法解析 AWS DynamoDB 二进制获取 boto3 python 中的项目 - Unable to parse AWS DynamoDB binary get item in boto3 python 如何将AWS托管策略附加到云形成和对流层中的角色 - How to attach an AWS managed policy to a role in cloudformation and troposphere 如何使用 python boto3 在 aws S3 中创建文件 - how to create file in aws S3 using python boto3 如何在 python 中使用 boto3 更新 AWS Gamelift 脚本? - How do I update an AWS Gamelift script with boto3 in python?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM