[英]AWS : Python Script to Retrieve list of S3 bucket having Cross account access using boto3
有什么方法可以使用boto3檢查哪個存儲桶具有交叉帳戶訪問權限? 如果不是,請建議其他方法執行此操作(僅使用腳本)。
我有多個AWS帳戶。 例如:prod,dev,QA,rep1等...我正在使用循環訪問每個帳戶並創建具有交叉帳戶訪問權限的存儲桶列表。
謝謝約翰,我創建了以下腳本,以根據存儲桶策略檢查具有交叉帳戶訪問權限的存儲桶。 但不確定天氣是否足夠或需要在腳本中進行更多驗證
import boto3
import json
REGIONS = 'ap-south-1'
ACCOUNT = '*************'
AWS_ACCESS_KEY_ID = '*******************'
AWS_SECRET_ACCESS_KEY = '*****************************'
client = boto3.client('s3', REGIONS, aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
flag = "cross account access -- no"
try:
result = client.get_bucket_policy(Bucket='testingcrossaccount')
policy = json.loads(result['Policy'])
statements = policy['Statement']
for statement in statements:
effect = statement['Effect']
principal = statement['Principal']
try:
keywords = principal['AWS']
if isinstance(keywords, str):
keywordarr = keywords.split(":")
if (ACCOUNT != keywordarr[4] and effect == "Allow"):
flag = "cross account access -- yes"
elif isinstance(keywords, list):
for key in keywords:
keywordarr = key.split(":")
if (ACCOUNT != keywordarr[4] and effect == "Allow"):
flag = "cross account access -- yes"
break
if (flag == "cross account access -- yes"):
break
except:
if (principal == "*" and effect == "Allow"):
flag = "cross account access -- yes"
except:
flag = "cross account access -- no"
print (flag)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.