저는 Python의 boto3 라이브러리를 사용하여 AWS IoT와 연동하고 있습니다. create_policy() API를 사용하여 정책을 만들고 싶지만 policyDocument 필드에 무엇을 넣어야 하는지 이해하지 못하고 있습니다. policyStatement와 관련이 있다고 생각하지만 구문을 이해할 수 없습니다. 지금까지 작성한 코드는 다음과 같습니다.

AWS boto3 create_policy() - policyDocument 지정하기
from __future__ import print_function

import json
import os
import sys

import boto3
from botocore.exceptions import ClientError
from colorama import Fore, Back, Style
from colorama import init
# Naming scheme: every name is derived from the thing type so that the
# policy created by this script can be matched to the devices it is for.
thingType = 'TpmStation'
thingBaseName = thingType + '-'
thingPolicy = thingType + '-Policy-GenDerivedKey'

# Initialise colorama so the Fore/Style colour codes used in the status
# messages are rendered by the console (on Windows colorama translates them).
init()
def eprint(*args, **kwargs):
    """Print to standard error.

    Accepts the same positional and keyword arguments as ``print``; the
    ``file`` argument is supplied here and always points at ``sys.stderr``.
    """
    stream = sys.stderr
    print(*args, file=stream, **kwargs)
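# Create the AWS IoT policy named by thingPolicy and report the outcome.
# Exits with status 1 if the service rejects the request.
try:
    # Use system hosted credentials - see
    # http://docs.aws.amazon.com/cli/latest/userguide/installing.html
    # http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
    client = boto3.client('iot')

    # NOTE(security): 'Resource': '*' grants every certificate this policy is
    # attached to the right to connect under any client id, publish and
    # subscribe on every topic, and read or update every thing's shadow in
    # the account. Before attaching this to real devices, split it into
    # statements scoped per action, e.g.
    #   iot:Connect                 -> arn:aws:iot:<region>:<account-id>:client/${iot:Connection.Thing.ThingName}
    #   iot:Publish / iot:Receive   -> arn:aws:iot:<region>:<account-id>:topic/<device-topic-prefix>/*
    #   iot:Subscribe               -> arn:aws:iot:<region>:<account-id>:topicfilter/<device-topic-prefix>/*
    #   iot:Get/UpdateThingShadow   -> arn:aws:iot:<region>:<account-id>:thing/${iot:Connection.Thing.ThingName}
    # (<...> values are placeholders for this deployment.)
    policyDocument = {
        # Policy language version; the 2012-10-17 version is the one that
        # supports policy variables such as ${iot:Connection.Thing.ThingName}.
        'Version': '2012-10-17',
        'Statement': [
            {
                'Effect': 'Allow',
                'Action': [
                    'iot:Connect',
                    'iot:Publish',
                    'iot:Subscribe',
                    'iot:Receive',
                    'iot:GetThingShadow',
                    'iot:UpdateThingShadow',
                ],
                'Resource': '*',
            },
        ],
    }

    # create_policy() takes the policy document as a JSON *string*; passing
    # the dict itself fails botocore's parameter validation before any
    # request is sent.
    response = client.create_policy(
        policyName=thingPolicy,
        policyDocument=json.dumps(policyDocument),
    )

    if 200 != response['ResponseMetadata']['HTTPStatusCode']:
        eprint(Fore.RED + "ERROR: Unable to 'create_policy' " + Style.RESET_ALL)
        sys.exit(1)

    print(Fore.GREEN + "Created new policy '" + thingPolicy + "'" +
          Style.RESET_ALL)
except ClientError as e:
    # Report where in this script the failing call was made, together with
    # the error code and message returned by the service.
    exc_tb = sys.exc_info()[2]
    fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
    error = e.response['Error']
    eprint(Fore.RED + "ERROR in " + fname + ':' + str(exc_tb.tb_lineno) +
           ' - ' + error['Code'] + ' - ' + error['Message'] + Style.RESET_ALL)
    sys.exit(1)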