「Awscli」:修訂間差異
跳至導覽
跳至搜尋
本頁面具有訪問限制。如果您看見此訊息,這代表您沒有訪問本頁面的權限。
(→常用指令) |
(→S3) |
||
| (未顯示同一使用者於中間所作的 8 次修訂) | |||
| 行 1: | 行 1: | ||
{{Lowercase}} | {{Lowercase}} | ||
'''awscli'''是[[AWS]]官方提供的Command Line Interface(CLI)軟體。 | '''awscli'''是[[AWS]]官方提供的Command Line Interface(CLI)軟體。 | ||
== 安裝 == | |||
可以透過pipx安裝,避免影響到目前環境內的套件: | |||
<syntaxhighlight lang="bash"> | |||
pipx install awscli | |||
</syntaxhighlight> | |||
== 常用指令 == | == 常用指令 == | ||
=== IAM === | === IAM === | ||
開管理員帳號(這邊是使用AWS內已經有的<code>AdministratorAccess</code>): | 開管理員帳號(這邊是使用AWS內已經有的<code>AdministratorAccess</code>): | ||
<syntaxhighlight lang=" | |||
<syntaxhighlight lang="bash"> | |||
aws iam create-user --user-name ${MY_AWS_USERNAME} | |||
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name ${MY_AWS_USERNAME} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
生出access key,一個帳號最多兩把。其中的<code>AccessKeyId</code>與<code>SecretAccessKey</code>就是需要的設定,要注意<code>SecretAccessKey</code>之後不會再出現: | 生出access key,一個帳號最多兩把。其中的<code>AccessKeyId</code>與<code>SecretAccessKey</code>就是需要的設定,要注意<code>SecretAccessKey</code>之後不會再出現: | ||
<syntaxhighlight lang=" | |||
<syntaxhighlight lang="bash"> | |||
aws iam create-access-key --user-name ${MY_AWS_USERNAME} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
超過兩把再呼叫會出現錯誤訊息: | 超過兩把再呼叫會出現錯誤訊息: | ||
<pre> | <pre> | ||
An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2 | An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2 | ||
| 行 22: | 行 34: | ||
列出這個帳號所有的access key(只會有<code>AccessKeyId</code>,不會有<code>SecretAccessKey</code>): | 列出這個帳號所有的access key(只會有<code>AccessKeyId</code>,不會有<code>SecretAccessKey</code>): | ||
<syntaxhighlight lang=" | |||
<syntaxhighlight lang="bash"> | |||
aws iam list-access-keys --user-name ${MY_AWS_USERNAME} | |||
</syntaxhighlight> | |||
=== S3 === | |||
* 建立一個S3 bucket, | |||
* 建立對應的使用者(IAM), | |||
* 掛上完整的權限, | |||
* 產生對應的key: | |||
<syntaxhighlight lang="bash"> | |||
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.full; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.full --policy-name Policy-s3-${BUCKET_NAME}-full --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.full | |||
</syntaxhighlight> | |||
如果是只能讀取的話,這邊列出比較常見的操作(<code>"s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"</code>這段): | |||
<syntaxhighlight lang="bash"> | |||
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.readonly; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.readonly --policy-name Policy-s3-${BUCKET_NAME}-readonly --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.readonly | |||
</syntaxhighlight> | </syntaxhighlight> | ||
於 2021年11月6日 (六) 08:57 的最新修訂
awscli是AWS官方提供的Command Line Interface(CLI)軟體。
安裝
可以透過pipx安裝,避免影響到目前環境內的套件:
pipx install awscli
常用指令
IAM
開管理員帳號(這邊是使用AWS內已經有的AdministratorAccess):
aws iam create-user --user-name ${MY_AWS_USERNAME}
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name ${MY_AWS_USERNAME}
生出access key,一個帳號最多兩把。其中的AccessKeyId與SecretAccessKey就是需要的設定,要注意SecretAccessKey之後不會再出現:
aws iam create-access-key --user-name ${MY_AWS_USERNAME}
超過兩把再呼叫會出現錯誤訊息:
An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2
列出這個帳號所有的access key(只會有AccessKeyId,不會有SecretAccessKey):
aws iam list-access-keys --user-name ${MY_AWS_USERNAME}
S3
- 建立一個S3 bucket,
- 建立對應的使用者(IAM),
- 掛上完整的權限,
- 產生對應的key:
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.full; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.full --policy-name Policy-s3-${BUCKET_NAME}-full --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.full
如果是只能讀取的話,這邊列出比較常見的操作("s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"這段):
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.readonly; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.readonly --policy-name Policy-s3-${BUCKET_NAME}-readonly --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.readonly