
Can I use bash variables when adding policies to bucket with AWS CLI?

I'm using the AWS CLI to create and upload policies to a number of buckets - example:

#!/usr/bin/env bash
NAME="test_client"
aws s3 create-bucket --bucket ${NAME}_source_bucket

Great. All good so far. Next, I'd like to run the following:

ARN="xxxx-xxxx-xxxx"
# put-bucket-policy lives under the s3api command group, and --policy takes a file:// URL or inline JSON
aws s3api put-bucket-policy --bucket ${NAME}_source_bucket --policy file://source_bucket_policy.json

Where my bucket policy is to the effect of:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::${NAME}_source_bucket"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::${NAME}_source_bucket/*"
        }
    ]
}

If you are writing this from a script, you could use a heredoc.

If you're running this repeatedly from the command line, you could also create a template JSON.

Heredoc

#!/usr/bin/env bash
NAME="test_client"
aws s3 create-bucket --bucket ${NAME}_source_bucket
ARN="xxxx-xxxx-xxxx"
# the heredoc arrives on stdin; pointing --policy at file:///dev/stdin lets the CLI read it,
# and bash expands ${ARN} and ${NAME} inside the unquoted heredoc before it is sent
aws s3api put-bucket-policy --bucket ${NAME}_source_bucket --policy file:///dev/stdin << EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::${NAME}_source_bucket"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::${NAME}_source_bucket/*"
        }
    ]
}
EOF

Template

# create the template, only need to do this once
cat << EOF > mytemplate.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<ARN>:role/<NAME>_source_role"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<NAME>_source_bucket"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<ARN>:role/<NAME>_source_role"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<NAME>_source_bucket/*"
        }
    ]
}

# render the template with your values (the placeholders are plain text, so sed does the substitution;
# if a value could ever contain "/", pick another sed delimiter such as "s|<ARN>|${ARN}|g")
NAME="test_client"
ARN="xxxx-xxxx-xxxx"
sed -e "s/<ARN>/${ARN}/g" -e "s/<NAME>/${NAME}/g" mytemplate.json > source_bucket_policy.json

# run aws commands
aws s3 create-bucket --bucket ${NAME}_source_bucket
aws s3api put-bucket-policy --bucket ${NAME}_source_bucket --policy file://source_bucket_policy.json
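Added example (not from the question or the answer above): the heredoc rendering wrapped in a function, plus two checks a practitioner would want before a generated policy is applied: the inputs are validated (a 12-digit account ID, a name of safe characters) so a bad value cannot produce a malformed or wrong principal, and the rendered text is confirmed to be valid JSON with no leftover placeholders. Assumes python3 is available for the JSON parse; the function and variable names are mine.

```shell
#!/usr/bin/env bash
# Render the bucket policy for one client. ${...} expands inside an unquoted heredoc,
# which is what makes the heredoc approach work where a static JSON file does not.
render_policy() {
    local account_id="$1" name="$2"
    cat << EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": { "AWS": "arn:aws:iam::${account_id}:role/${name}_source_role" },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::${name}_source_bucket"
        },
        {
            "Effect": "Allow",
            "Principal": { "AWS": "arn:aws:iam::${account_id}:role/${name}_source_role" },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::${name}_source_bucket/*"
        }
    ]
}
EOF
}

# Refuse inputs that cannot form a sane principal: the account ID must be exactly
# 12 digits and the client name restricted to characters that are safe in ARNs and bucket names.
validate_inputs() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{12}$' || return 1
    printf '%s\n' "$2" | grep -Eq '^[A-Za-z0-9_-]{1,40}$' || return 1
}

# Reject a rendered policy that still carries a template marker (<ARN>, ${NAME}) or
# that does not parse as JSON (python3 is an assumed dependency here).
check_policy() {
    case "$1" in
        *'<'*|*'${'*) return 1 ;;
    esac
    printf '%s' "$1" | python3 -c 'import json,sys; json.load(sys.stdin)' 2>/dev/null
}

# Usage (uncomment to apply; needs AWS credentials):
# validate_inputs "$ACCOUNT_ID" "$NAME" && POLICY="$(render_policy "$ACCOUNT_ID" "$NAME")" \
#   && check_policy "$POLICY" \
#   && aws s3api put-bucket-policy --bucket "${NAME}_source_bucket" --policy "$POLICY"
```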
