
저는 Python의 boto3 라이브러리를 사용하여 AWS IoT와 인터페이스합니다. create_policy() API를 사용하여 정책을 만들고 싶지만, policyDocument 필드에 무엇을 넣어야 하는지 이해하지 못하겠습니다. policyStatement와 관련이 있다고 생각하지만 그 구문을 알 수 없습니다. 지금까지 작성한 코드는 다음과 같습니다. (제목: AWS boto3 create_policy() - policyDocument를 지정하십시오.)

from __future__ import print_function 
import json 
import os 
import sys 

import boto3 
from botocore.exceptions import ClientError 
from colorama import Fore, Back, Style 
from colorama import init 
# colorama set-up so the Fore/Style escape codes used below render on
# Windows consoles as well as on ANSI terminals.
init()

# Naming scheme shared by the thing type, its instance base name and the
# policy created below; thingBaseName is kept for callers that build
# per-thing names from it.
thingType = 'TpmStation'
thingBaseName = '%s-' % thingType
thingPolicy = '%s-Policy-GenDerivedKey' % thingType

def eprint(*args, **kwargs):
    """Print *args to stderr, forwarding every keyword argument to print().

    Passing ``file=`` explicitly is not supported: the stream is fixed to
    ``sys.stderr`` and a caller-supplied ``file`` raises ``TypeError``.
    """
    options = dict(kwargs, file=sys.stderr)
    print(*args, **options)

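try: 
    # Use system hosted credentials - see 
    # http://docs.aws.amazon.com/cli/latest/userguide/installing.html 
    # http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html 
    client = boto3.client('iot') 

    # create_policy() takes policyDocument as a JSON *string*.  Passing the
    # dict itself fails boto3's client-side parameter validation, and that
    # error is not a ClientError, so it escapes the handler below.  Build
    # the document as a dict for readability and serialize it once.
    policyDocument = { 
        'Version': '2012-10-17', 
        'Statement': [ 
            { 
                'Effect': 'Allow', 
                'Action': [ 
                    'iot:Connect', 
                    'iot:Publish', 
                    'iot:Subscribe', 
                    'iot:Receive', 
                    'iot:GetThingShadow', 
                    'iot:UpdateThingShadow', 
                ], 
                # NOTE: '*' lets any holder of this policy connect under any
                # client id, publish/subscribe on every topic and read/write
                # every thing shadow in the account.  Scope Resource to the
                # topic/topicfilter/thing/client ARNs a device actually needs
                # before using this outside a test account.
                'Resource': '*', 
            }, 
        ], 
    } 
    response = client.create_policy( 
        policyName=thingPolicy, 
        policyDocument=json.dumps(policyDocument), 
    ) 
    if 200 != response['ResponseMetadata']['HTTPStatusCode']: 
        # Name the call that actually failed (the message used to say
        # 'create_thing_type', a copy-paste from another script).
        eprint(Fore.RED + "ERROR: Unable to 'create_policy' " + Style.RESET_ALL) 
        sys.exit(1) 
    print(Fore.GREEN + "Created new policy '" + thingPolicy + "'" + 
          Style.RESET_ALL) 

except ClientError as e: 
    # Report file:line of the failing statement plus the service-side error
    # code and message (e.g. policy already exists, malformed document) so
    # the cause is visible without a traceback.
    _, _, exc_tb = sys.exc_info() 
    fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1] 
    eprint(Fore.RED + "ERROR in " + fname + ':' + str(exc_tb.tb_lineno) + ' - ' + 
           e.response['Error']['Code'] + ' - ' + e.response['Error']['Message'] + 
           Style.RESET_ALL) 
    sys.exit(1) 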

답변


많은 반복 끝에, 제가 찾아낸 동작하는 코드는 다음과 같습니다.

from __future__ import print_function 
import json 
import os 
import re 
import sys 

import boto3 
from botocore.exceptions import ClientError 
from colorama import Fore, Back, Style 
from colorama import init 
# colorama set-up so the Fore/Style escape codes used below render on
# Windows consoles as well as on ANSI terminals.
init()

# Naming scheme shared by the thing type, its instance base name and the
# policy created below; thingBaseName is kept for callers that build
# per-thing names from it.
thingType = 'TpmStation'
thingBaseName = '%s-' % thingType
thingPolicy = '%s-Policy-GenDerivedKey' % thingType

def eprint(*args, **kwargs):
    """Print *args to stderr, forwarding every keyword argument to print().

    Passing ``file=`` explicitly is not supported: the stream is fixed to
    ``sys.stderr`` and a caller-supplied ``file`` raises ``TypeError``.
    """
    options = dict(kwargs, file=sys.stderr)
    print(*args, **options)

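def _iot_arn(region, account, kind, name): 
    """Return the ARN 'arn:aws:iot:<region>:<account>:<kind>/<name>'.""" 
    return 'arn:aws:iot:%s:%s:%s/%s' % (region, account, kind, name) 


try: 
    # Use system hosted credentials - see 
    # http://docs.aws.amazon.com/cli/latest/userguide/installing.html 
    # http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html 
    client = boto3.client('iot') 

    # The resource ARNs below are built from the caller's account and region.
    awsAccount = boto3.client('sts').get_caller_identity().get('Account') 
    awsRegion = boto3.session.Session().region_name 
    if not awsRegion or not awsAccount: 
        # With no region configured, region_name is None and every ARN would
        # be rendered as "arn:aws:iot:None:...".  Fail here with a clear
        # message instead of sending a malformed policy to the service.
        eprint(Fore.RED + "ERROR: AWS region or account id could not be determined" + 
               Style.RESET_ALL) 
        sys.exit(1) 

    # Build the policy as a dict and let json.dumps produce the string
    # create_policy() expects.  The previous approach formatted a JSON
    # template with % and then deleted *all* whitespace with a regex, which
    # also mangles any value containing a space; serializing a dict needs no
    # such clean-up.  Each statement is scoped to the single topic /
    # topic filter it needs.
    policyDocument = { 
        "Version": "2012-10-17", 
        "Statement": [ 
            { 
                "Effect": "Allow", 
                "Action": ["iot:Publish"], 
                "Resource": [_iot_arn(awsRegion, awsAccount, 'topic', 'Request')], 
            }, 
            { 
                "Effect": "Allow", 
                "Action": ["iot:Subscribe"], 
                "Resource": [_iot_arn(awsRegion, awsAccount, 'topicfilter', 'Response')], 
            }, 
            { 
                "Effect": "Allow", 
                "Action": ["iot:Receive"], 
                "Resource": [_iot_arn(awsRegion, awsAccount, 'topic', 'Response')], 
            }, 
            { 
                # NOTE: Connect is still unscoped, so any client id may
                # connect with this policy.  Restrict Resource to the
                # client ARN(s) the devices use once the identity scheme
                # is settled.
                "Effect": "Allow", 
                "Action": ["iot:Connect"], 
                "Resource": ["*"], 
            }, 
        ], 
    } 
    policyDocumentStr = json.dumps(policyDocument) 

    response = client.create_policy( 
        policyName=thingPolicy, 
        policyDocument=policyDocumentStr, 
    ) 
    if 200 != response['ResponseMetadata']['HTTPStatusCode']: 
        # Name the call that actually failed (the message used to say
        # 'create_thing_type', a copy-paste from another script).
        eprint(Fore.RED + "ERROR: Unable to 'create_policy' " + Style.RESET_ALL) 
        sys.exit(1) 
    print(Fore.GREEN + "Created new policy '" + thingPolicy + "'" + 
          Style.RESET_ALL) 

except ClientError as e: 
    # Report file:line of the failing statement plus the service-side error
    # code and message (e.g. policy already exists, malformed document) so
    # the cause is visible without a traceback.
    _, _, exc_tb = sys.exc_info() 
    fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1] 
    eprint(Fore.RED + "ERROR in " + fname + ':' + str(exc_tb.tb_lineno) + ' - ' + 
           e.response['Error']['Code'] + ' - ' + e.response['Error']['Message'] + 
           Style.RESET_ALL) 
    sys.exit(1) 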