How can I check if an object in an S3 bucket is public or not in boto3?

I'm trying to check whether all the objects in a given bucket are public, using the boto3 module in Python. I tried the client.get_object() and client.list_objects() methods, but I can't figure out what I should be looking for, since I'm new to boto3 and AWS.

Also, since my organization prefers using client rather than resource, I'd rather look for a way that uses client

Probably a combination of these to tell the full story for each object

import boto3

client = boto3.client('s3')
bucket = 'my-bucket'
key = 'my-key'
client.get_object_acl(Bucket=bucket, Key=key)   # per-object ACL grants
client.get_bucket_acl(Bucket=bucket)            # bucket-level ACL grants
client.get_bucket_policy(Bucket=bucket)         # bucket policy (may allow Principal "*")

I think the best way to test whether an object is public is to make an anonymous request to the object URL.

import boto3
import botocore
import requests

bucket_name = 'example-bucket'
object_key = 'example-key'

# UNSIGNED: generate_presigned_url() then returns the plain, unsigned object URL,
# so the request below is made exactly as an anonymous user would make it.
config = botocore.client.Config(signature_version=botocore.UNSIGNED)
object_url = boto3.client('s3', config=config).generate_presigned_url(
    'get_object', Params={'Bucket': bucket_name, 'Key': object_key}
)
resp = requests.get(object_url)
if resp.status_code == 200:
    print('The object is public.')
else:
    print('Nope! The object is private or inaccessible.')

Note: you can use requests.head instead of requests.get to save some data transfer.

This function should do the trick. It fetches the ACL, then loops through the Grants looking for AllUsers with READ or FULL_CONTROL permission.

import boto3
import botocore.exceptions


def is_public(key, bucket):
    """Returns true if key has public access.

    Args:
        key (str): key to check
        bucket (str): Bucket name.

    Returns:
        (bool)

    Public object ACL example:
    {
        ...
        "Grants": [
            {
                "Grantee": {
                    "Type": "Group",
                    "URI": "http://acs.amazonaws.com/groups/global/AllUsers",
                },
                "Permission": "READ",
            },
            {
                "Grantee": {
                    "ID": "somecrypticidstring",
                    "Type": "CanonicalUser",
                },
                "Permission": "FULL_CONTROL",
            },
        ],
    }

    Private object ACL example:
    {
        ...
        "Grants": [
            {
                "Grantee": {
                    "ID": "somecrypticidstring",
                    "Type": "CanonicalUser",
                },
                "Permission": "FULL_CONTROL",
            }
        ],
    }
    """
    # Credentials come from the normal boto3 credential chain (environment,
    # ~/.aws/credentials, instance role, ...); do not hard-code keys in source.
    client = boto3.client("s3")

    try:
        d = client.get_object_acl(Bucket=bucket, Key=key)
        for grant in d["Grants"]:
            if (
                "URI" in grant["Grantee"]
                and grant["Grantee"]["URI"].endswith("AllUsers")
                and grant["Permission"] in ["READ", "FULL_CONTROL"]
            ):
                return True
        return False
    except (botocore.exceptions.ClientError, KeyError):
        # Cannot determine if s3 object is public (no permission to read the
        # ACL, missing key, unexpected response shape); treated as not public.
        return False
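The ACL-only check above misses objects that are public through the bucket policy, and the combination suggested in the first answer needs rules for reading those results. The following is an added example (not code from the question or any of the answers): pure functions that evaluate an ACL dict as returned by get_object_acl()/get_bucket_acl() and a bucket policy as returned in get_bucket_policy()['Policy'], plus a combiner that also models the IgnorePublicAcls setting of the bucket's public access block. The function and parameter names are my own; the inputs are the boto3 response shapes shown on this page.

```python
import json
import re

PUBLIC_GROUPS = {  # group URIs S3 uses for "everyone" / "any AWS account"
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _arn_match(pattern, value):
    # IAM resource patterns only support * (any run) and ? (one character).
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value) is not None

def acl_public_grants(acl):
    """Groups holding READ or FULL_CONTROL in a get_object_acl()/get_bucket_acl()
    result. Compares the full URI rather than endswith('AllUsers')."""
    found = set()
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS and grant.get("Permission") in ("READ", "FULL_CONTROL"):
            found.add(PUBLIC_GROUPS[uri])
    return found

def policy_allows_anonymous_get(policy, bucket, key):
    """True if the bucket policy (dict or get_bucket_policy()['Policy'] JSON string)
    has an unconditional Allow for principal '*' covering s3:GetObject on this key.
    Statements with a Condition are skipped: not provably public offline."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for st in _as_list(policy.get("Statement", [])):
        p = st.get("Principal")
        wildcard = p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if (st.get("Effect") == "Allow" and not st.get("Condition") and wildcard
                and actions & {"s3:getobject", "s3:*", "*"}
                and any(_arn_match(r, arn) for r in _as_list(st.get("Resource", [])))):
            return True
    return False

def object_is_public(object_acl, bucket_policy, bucket, key, ignore_public_acls=False):
    """ignore_public_acls mirrors the bucket's IgnorePublicAcls setting: when on,
    S3 disregards AllUsers ACL grants, so only the policy can make the key public."""
    via_acl = not ignore_public_acls and "AllUsers" in acl_public_grants(object_acl)
    via_policy = bool(bucket_policy) and policy_allows_anonymous_get(bucket_policy, bucket, key)
    return via_acl or via_policy
```

Feed it the responses from get_object_acl(), get_bucket_policy() (None when the call raises NoSuchBucketPolicy) and get_public_access_block(); a statement with a Condition returns False here, so treat that result as "needs manual review" rather than "private".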
