boto3 s3 存储桶标记

Question

标记存储桶时出现访问错误。 请注意，我使用的角色具有 s3 完全访问权限。 代码工作正常，直到这一点 -

for bucket in s3.buckets.all():
            s3_bucket = bucket
            s3_bucket_name = s3_bucket.name
            try:
                response = s3_client.get_bucket_tagging(Bucket=s3_bucket_name)
                print(response)
            except ClientError:
                print (s3_bucket_name, "does not have tags")
                

但添加 putTag 代码后，即使 GetBucketTagging 操作也会出错。 这是我的最终代码：

for bucket in s3.buckets.all():
            s3_bucket = bucket
            s3_bucket_name = s3_bucket.name
            try:
                response = s3_client.get_bucket_tagging(Bucket=s3_bucket_name)
                print(response)
                
            except ClientError:
                print (s3_bucket_name, "does not have tags")
                bucket_tagging = s3.BucketTagging(s3_bucket_name)
                response = bucket_tagging.put(
                 Tagging={
                      'TagSet': [
                        {
                            'Key': 'pcs:name',
                            'Value': s3_bucket_name
                        },
                      ]
                    },
                )

我得到的错误是 -

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetBucketTagging operation: Access Denied

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "tagging.py", line 91, in <module>
    tagging()
  File "tagging.py", line 71, in tagging
    'Value': s3_bucket_name
  File "/home/ec2-user/compass_backend/compass_backend/lib64/python3.7/site-packages/boto3/resources/factory.py", line 520, in do_action
    response = action(self, *args, **kwargs)
  File "/home/ec2-user/compass_backend/compass_backend/lib64/python3.7/site-packages/boto3/resources/action.py", line 83, in __call__
    response = getattr(parent.meta.client, operation_name)(*args, **params)
  File "/home/ec2-user/compass_backend/compass_backend/lib64/python3.7/site-packages/botocore/client.py", line 395, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/ec2-user/compass_backend/compass_backend/lib64/python3.7/site-packages/botocore/client.py", line 725, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutBucketTagging operation: Access Denied

我是否传递了错误的标签参数？ 从 Boto3 文档本身得到这个

Answer 1

我拿出了try部分并运行了这个版本的代码：

import boto3

s3_resource = boto3.resource('s3')

bucket_tagging = s3_resource.BucketTagging('my-bucket-name')
response = bucket_tagging.put(
        Tagging={
            'TagSet': [
            {
                'Key': 'pcs:name',
                'Value': 'stackoverflow'
            },
            ]
        },
    )

它工作得很好：

[

因此，一定有其他原因导致您的请求失败。 您可能需要检查 AWS CloudTrail 以查看是否有关于请求被拒绝原因的提示。

Answer 2

没有标签时，“get_bucket_tagging”会抛出 NoSuchTagSet。 对于测试，在运行测试之前先创建一个标签，或者捕获异常并创建标签。

Answer 3

我找不到捕获异常的方法，但是，这对我有用：

tagging_client = boto3.client('resourcegroupstaggingapi')
s3 = boto3.resource('s3')
s3_client = boto3.client('s3')
for bucket in s3.buckets.all():
     s3_bucket = bucket
     s3_bucket_name = s3_bucket.name
     bucket_tagging = s3.BucketTagging(s3_bucket_name)
     try:
        response = s3_client.get_bucket_tagging(Bucket=s3_bucket_name)
        a = response
     except ClientError:
        response = tagging_client.tag_resources(
        ResourceARNList=[
            "arn:aws:s3:::" + bucket.name
        ],
        Tags={
            'pcs:name': bucket.name
        }
      )

请注意，您需要附加到您的角色的附加“资源标记”策略。 希望这可以帮助。 干杯。