
Python ListBucket operation: Access Denied - AWS MFA token


I'm struggling to list buckets from a Python script using my MFA-enabled AWS account, but I get Access Denied every time I run the code.

Script output

Enter your MFA Token:899211
{'Credentials': {'AccessKeyId': 'ASIASUXXXXXXXXXXX', 'SecretAccessKey': 'T1Cn9FpXXXXXXXXXXXXXXXXXl', 'SessionToken': 'CCCCCCCCCCCCCCCCCCCCCCCCCCCCXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=', 'Expiration': datetime.datetime(2020, 4, 22, 10, 0, 21, tzinfo=tzutc())}, 'ResponseMetadata': {'RequestId': '6c05ad08-XXXX-4b2a-XXXX-VVVVVVVVV', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '6c05ad08-XXXx-XXXX-XXXXXXX-8c4a5b504404', 'content-type': 'text/xml', 'content-length': '804', 'date': 'Wed, 22 Apr 2020 09:00:21 GMT'}, 'RetryAttempts': 0}}
Traceback (most recent call last):
  File "aws_connect.py", line 23, in <module>
    response_s3 = s3.list_buckets()
  File "/home/my_user/.local/lib/python3.6/site-packages/botocore/client.py", line 316, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/my_user/.local/lib/python3.6/site-packages/botocore/client.py", line 626, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListBuckets operation: Access Denied

So I get the correct AccessKeyId and SecretAccessKey as well as the SessionToken, but I can't list anything from my account.

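The MFA session credentials must be passed to boto3.client('s3') for them to be used. The simplest way to do that is in the code itself.

For example: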

s3 = boto3.client('s3',
    aws_access_key_id=response['Credentials']['AccessKeyId'],
    aws_secret_access_key=response['Credentials']['SecretAccessKey'],
    aws_session_token=response['Credentials']['SessionToken']
)
For anyone who arrives here and needs to use a different profile from their credentials file, that is done with this line:

boto3.setup_default_session(profile_name='PROFILE_NAME')
The last thing to make sure of is that the user account has an Allow policy for:

s3:ListAllMyBuckets
Putting it all together, the whole script looks like this:

#!/usr/bin/env python

import boto3

serial_number = input('Enter your device serial number: ')
token = input('Enter your MFA Token: ')

# This line is necessary if you're using
# a profile other than your default profile
boto3.setup_default_session(profile_name='demo_cli')

client = boto3.client('sts')

response = client.get_session_token(
    DurationSeconds=3600,
    SerialNumber=serial_number,
    TokenCode=token,
)

s3 = boto3.client('s3',
    aws_access_key_id=response['Credentials']['AccessKeyId'],
    aws_secret_access_key=response['Credentials']['SecretAccessKey'],
    aws_session_token=response['Credentials']['SessionToken']
)

response_s3 = s3.list_buckets()

# Output the bucket names
print('Existing buckets:')
for bucket in response_s3['Buckets']:
    print(f'  {bucket["Name"]}')
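
Added example (not part of the original answer): a simplified check of whether an identity policy grants s3:ListAllMyBuckets, the action that list_buckets() is authorized against. The function names and the three sample policies are constructed for illustration, and only Effect and Action are evaluated.

```python
from fnmatch import fnmatchcase


def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def action_decision(policy, action):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one API action.

    Simplified on purpose: only Effect and Action are evaluated;
    Resource, Condition, NotAction and permission boundaries are ignored.
    """
    decision = "ImplicitDeny"
    for statement in _as_list(policy["Statement"]):
        patterns = _as_list(statement.get("Action", []))
        # Action names are case-insensitive and may contain * and ?.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if statement["Effect"] == "Deny":
                return "Deny"  # an explicit Deny always wins
            decision = "Allow"
    return decision


# Constructed sample policies (not taken from any real account).
LIST_ALL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]}

OBJECT_ONLY_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": "*"}}

WILDCARD_WITH_DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:List*", "Resource": "*"},
    {"Effect": "Deny", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]}

if __name__ == "__main__":
    for name, policy in [("LIST_ALL_POLICY", LIST_ALL_POLICY),
                         ("OBJECT_ONLY_POLICY", OBJECT_ONLY_POLICY),
                         ("WILDCARD_WITH_DENY", WILDCARD_WITH_DENY)]:
        print(name, action_decision(policy, "s3:ListAllMyBuckets"))
```
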

What policies are attached to your user? Have you checked the IAM policy and its permissions? Make sure the IAM policy includes:
"s3:GetObject", "s3:ListBucket"

I might be wrong, but don't you need to use the response to set the obtained credentials on the s3 client? Something like
s3 = boto3.client('s3', aws_access_key_id=access_key, aws_secret_access_key=secret_key, aws_session_token=session_token,)

Well.. what you posted doesn't work.. I found something strange: if I export the AccessKeyId, SecretAccessKey, SessionToken and region into the bash environment, I can list the S3 buckets. The variables can be printed with printenv. Without exporting these variables I can't get it to work. Now I have another question, how to export the variables into the bash environment from the Python script; it doesn't work at all. Thanks
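
Added example, not written by any of the commenters: a Python process cannot change the environment of the shell that started it, so a common pattern is to print export statements and let the shell evaluate them. The function name and sample values are constructed; AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN and AWS_DEFAULT_REGION are the environment variables boto3 reads.

```python
import shlex
from datetime import datetime, timedelta, timezone

# STS response field -> environment variable that boto3 and the AWS CLI read.
ENV_NAMES = {
    "AccessKeyId": "AWS_ACCESS_KEY_ID",
    "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
    "SessionToken": "AWS_SESSION_TOKEN",
}


def export_lines(credentials, region=None, now=None):
    """Build shell `export` statements from response['Credentials']."""
    now = now or datetime.now(timezone.utc)
    # Refuse to hand out a session that can no longer authenticate.
    if credentials["Expiration"] <= now:
        raise ValueError("session credentials have already expired")
    lines = [
        # shlex.quote single-quotes any value with shell metacharacters.
        f"export {env}={shlex.quote(credentials[field])}"
        for field, env in ENV_NAMES.items()
    ]
    if region:
        lines.append(f"export AWS_DEFAULT_REGION={shlex.quote(region)}")
    return lines


# Constructed sample in the shape of the get_session_token() output above.
SAMPLE = {
    "AccessKeyId": "ASIAEXAMPLEKEYID",
    "SecretAccessKey": "constructed/secret+key",
    "SessionToken": "constructed session token==",
    "Expiration": datetime.now(timezone.utc) + timedelta(hours=1),
}

if __name__ == "__main__":
    print("\n".join(export_lines(SAMPLE, region="eu-west-1")))
```

From bash this would be used as eval "$(python3 your_script.py)", where your_script.py is a hypothetical script whose standard output contains only these lines.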