Amazon s3 如何使用aws cli确定S3存储桶是否具有公共访问权限
我在控制台中有一个显示“public access”的bucket,但是当我试图读取aws s3api get public access块时,我得到一个错误:Amazon s3 如何使用aws cli确定S3存储桶是否具有公共访问权限,amazon-s3,aws-cli,Amazon S3,Aws Cli,我在控制台中有一个显示“public access”的bucket,但是当我试图读取aws s3api get public access块时,我得到一个错误: $ aws s3api get-public-access-block --bucket my-test-bucket-name usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters] To see hel
$ aws s3api get-public-access-block --bucket my-test-bucket-name
usage: aws [options] <command> <subcommand> [<subcommand> ...] [parameters]
To see help text, you can run:
aws help
aws <command> help
aws <command> <subcommand> help
aws: error: argument operation: Invalid choice, valid choices are:
abort-multipart-upload | complete-multipart-upload
copy-object | create-bucket...
您可以使用
aws s3api get bucket policy status
找出哪些bucket被标识为具有公共访问权限:
aws s3api get-bucket-policy-status --bucket my-test-bucket-name
{
"PolicyStatus": {
"IsPublic": true
}
}
get public access block
功能与上周发布的新功能[1]相关,该功能有助于防止将来的存储桶被错误地创建为公共访问
get public access block
和get bucket policy status
都需要比1.15.83更新的awscli版本。我正在使用的同时包含这两个命令的版本是1.16.58
[1] 由于您可能没有升级awscli,因此可能会出现错误 您可以使用pip命令进行升级
pip install --upgrade awscli
开始时也出现了同样的错误。它应该升级并给出正确的结果
Bash# aws s3api get-public-access-block --bucket my-test-bucket-name
An error occurred (NoSuchPublicAccessBlockConfiguration) when calling the
GetPublicAccessBlock operation: The public access block configuration was not found
^这是您将在新创建的s3 bucket上看到的,默认情况下它是私有的,但有可能成为公共的
^这是启用公共访问块的命令
^当启用阻止公共访问时,随后运行相同的get status命令将显示此输出。对于以下版本的aws cli/1.14.44它不起作用。这是aws s3api获取bucket策略--bucket您的bucket名称。
Bash# aws s3api get-public-access-block --bucket my-test-bucket-name
An error occurred (NoSuchPublicAccessBlockConfiguration) when calling the
GetPublicAccessBlock operation: The public access block configuration was not found
Bash# aws s3api put-public-access-block --bucket my-test-bucket-name --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
Bash# aws s3api get-public-access-block --bucket my-test-bucket-name
{
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"IgnorePublicAcls": true,
"BlockPublicPolicy": true,
"RestrictPublicBuckets": true
}
}