stackoom
  简体   繁体   中英

How to access someone else's AWS S3 'bucket' with Boto3 and Username?

 原文  2019-11-16 20:25:54       python/ amazon-web-services/ amazon-s3/ boto3

Question

I'm trying to download AWS S3 content using Python/Boto3.

A third-party is uploading a data, and I need to download it. They provided credentials like this:

  • Username: MYUser
  • aws_access_key_id: SOMEKEY
  • aws_secret_access_key: SOMEOTHERKEY

Using a popular Windows 10 app CyberDuck, my 'Username' is added to the application's path settings, third-party/MYUser/myfolder

Nothing I'm given here is my bucket .

my_bucket = s3.Bucket('third-party/MYUser')
ParamValidationError: Parameter validation failed:
Invalid bucket name 'third-party/MYUser': Bucket name must match the regex "^[a-zA-Z0-9.\-_]{1,255}$"

my_bucket = s3.Bucket('third-party')
ClientError: An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

my_bucket = s3.Bucket('MYStuff')
NoSuchBucket: An error occurred (NoSuchBucket) when calling the ListObjects operation: The specified bucket does not exist

From what I've read, third-party is the AWS S3 bucket name, but I can't find an explanation for how to access a sub-directory of someone else's bucket.

I'm see Bucket() has some user parameters. I read elsewhere about roles , and access control lists . But I'm not finding a simple example.

How do I access someone else's bucket on AWS S3 given Username?

1 answers

solution1
 3 ACCPTED  2019-11-16 21:03:27

Amazon S3 does not actually have directories. Rather, the Key (filename) of an object contains the full path of the object.

For example, consider this object:

s3://my-bucket/invoices/foo.txt
  • The bucket is my-bucket
  • The Key of the object is invoices/foo.txt

So, you could access the object with:

import boto3

s3_resource = boto3.resource('s3')
object = s3.Object('my-bucket','invoices/foo.txt')

To keep S3 compatible with systems and humans who expect to have folders and directories, it maintains a list of CommonPrefixes , which are effectively the same as directories. They are derived from the names between slashes ( / ). So, CyberDuck can give users the ability to navigate through directories.

However, the third-party might have only assigned you enough permission to access your own directory, but not the root directory. In this case, you will need to navigate straight to your directory without clicking through the hierarchy.

A good way to use an alternate set of credentials is to store them as a separate profile:

aws configure --profile third-party

You will then be prompted for the credentials.

Then, you can use the credentials like this:

aws s3 ls s3://third-party/MyUser --profile third-party
aws s3 cp s3://third-party/MyUser/folder/foo.txt .

The --profile at the end lets you select which credentials to use.

The boto3 equivalent is: 

session = boto3.Session(profile_name='third-party')
s3_resource = session.resource('s3')
object = s3.Object('THEIR-bucket','MYinvoices/foo.txt')

See: Credentials — Boto 3 Documentation

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question python boto3: AWS Rekognition is unable to access S3 bucket How to check whether s3 access key has access to a specific bucket or not in aws using boto3 How to access AWS S3 data using boto3 No Credentials Error - Using boto3 and aws s3 bucket Boto3 AWS S3 bucket creation error boto3 aws check if s3 bucket is encrypted AWS : Python Script to Retrieve list of S3 bucket having Cross account access using boto3 Cannot Access Subfolder of S3 bucket – Python, Boto3 Trying to access a s3 bucket using boto3, but getting 403 How to upload file to folder in aws S3 bucket using python boto3
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM