I'm using the AWS CLI to create and upload policies to a number of buckets - example:
    #!/usr/bin/env bash
    NAME="test_client"
    aws s3api create-bucket --bucket "${NAME}_source_bucket"
Great. All good so far. Next, I'd like to run the following:
    ARN="xxxx-xxxx-xxxx"
    aws s3api put-bucket-policy --bucket "${NAME}_source_bucket" --policy file://source_bucket_policy.json
Where my bucket policy is to the effect of:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
          },
          "Action": "s3:ListBucket",
          "Resource": "arn:aws:s3:::${NAME}_source_bucket"
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
          },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::${NAME}_source_bucket/*"
        }
      ]
    }
If you are writing this from a script, you could use a heredoc.
If you're running this repeatedly from the command line, you could also create a template JSON.
Heredoc
    #!/usr/bin/env bash
    NAME="test_client"
    aws s3api create-bucket --bucket "${NAME}_source_bucket"
    ARN="xxxx-xxxx-xxxx"
    # The heredoc is expanded by the shell, so ${ARN} and ${NAME} are filled in.
    # --policy takes its value as an argument, so capture the heredoc with $(cat ...).
    aws s3api put-bucket-policy --bucket "${NAME}_source_bucket" --policy "$(cat << EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
          },
          "Action": "s3:ListBucket",
          "Resource": "arn:aws:s3:::${NAME}_source_bucket"
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
          },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::${NAME}_source_bucket/*"
        }
      ]
    }
    EOF
    )"
    # Note: when copying this out of the indented listing, the closing EOF must start at column 0.
Template
    # create the template, only need to do this once
    cat << EOF > mytemplate.json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::<ARN>:role/<NAME>_source_role"
          },
          "Action": "s3:ListBucket",
          "Resource": "arn:aws:s3:::<NAME>_source_bucket"
        },
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::<ARN>:role/<NAME>_source_role"
          },
          "Action": "s3:GetObject",
          "Resource": "arn:aws:s3:::<NAME>_source_bucket/*"
        }
      ]
    }
    EOF
    # substitute your values into the template, writing the result to a new file
    NAME="test_client"
    ARN="xxxx-xxxx-xxxx"
    sed -e "s/<ARN>/${ARN}/g" -e "s/<NAME>/${NAME}/g" mytemplate.json > source_bucket_policy.json
    # run aws commands; file:// makes the CLI read the policy from the file
    aws s3api create-bucket --bucket "${NAME}_source_bucket"
    aws s3api put-bucket-policy --bucket "${NAME}_source_bucket" --policy file://source_bucket_policy.json
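Both approaches above paste shell variables straight into policy JSON, so an empty or malformed value yields a policy that is invalid or names a different principal or resource than intended. The following is an added example, not part of the original question or answer: a POSIX shell function that validates the two inputs before rendering the same policy. ACCOUNT_ID stands for the value the page calls ARN, and the function names and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.
export LC_ALL=C   # keep the bracket ranges below ASCII-only

# Succeed only for a 12-digit AWS account ID (the value the page calls ARN).
valid_account_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 12 ]
}

# Succeed only for names built from letters, digits, '_' and '-', so a value
# cannot carry quotes, wildcards or slashes into the policy JSON.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Print the page's two-statement policy for NAME ($1) and ACCOUNT_ID ($2).
# Prints nothing to stdout and returns 1 if either value fails validation.
render_policy() {
    name=$1
    account_id=$2
    valid_name "$name" || { echo "rejected name: $name" >&2; return 1; }
    valid_account_id "$account_id" || { echo "rejected account id" >&2; return 1; }
    role="arn:aws:iam::${account_id}:role/${name}_source_role"
    bucket="arn:aws:s3:::${name}_source_bucket"
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "${role}"},
     "Action": "s3:ListBucket", "Resource": "${bucket}"},
    {"Effect": "Allow", "Principal": {"AWS": "${role}"},
     "Action": "s3:GetObject", "Resource": "${bucket}/*"}
  ]
}
EOF
}

# Usage (not run here): the policy is only sent if rendering succeeded.
# policy=$(render_policy test_client 123456789012) &&
#   aws s3api put-bucket-policy --bucket test_client_source_bucket --policy "$policy"
```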