Awscli:修订间差异
跳到导航
跳到搜索
此页面具有访问限制。如果您看见此消息,则说明您没有权限访问此页面。
(→常用指令) |
(→S3) |
||
(未显示同一用户的6个中间版本) | |||
第3行: | 第3行: | ||
== 安裝 == | == 安裝 == | ||
可以透過pipx安裝,避免影響到目前環境內的套件: | |||
<syntaxhighlight lang="bash"> | |||
pipx install awscli | |||
</syntaxhighlight> | |||
== 常用指令 == | == 常用指令 == | ||
第34行: | 第40行: | ||
=== S3 === | === S3 === | ||
* 建立一個S3 bucket, | |||
* 建立對應的使用者(IAM), | |||
* 掛上完整的權限, | |||
* 產生對應的key: | |||
<syntaxhighlight lang="bash"> | |||
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.full; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.full --policy-name Policy-s3-${BUCKET_NAME}-full --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.full | |||
</syntaxhighlight> | |||
如果是只能讀取的話,這邊列出比較常見的操作(<code>"s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"</code>這段): | |||
<syntaxhighlight lang="bash"> | |||
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.readonly; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.readonly --policy-name Policy-s3-${BUCKET_NAME}-readonly --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.readonly | |||
</syntaxhighlight> | |||
== 外部連結 == | == 外部連結 == |
2021年11月6日 (六) 08:57的最新版本
awscli是AWS官方提供的Command Line Interface(CLI)软件。
安装
可以透过pipx安装,避免影响到目前环境内的套件:
pipx install awscli
常用指令
IAM
开管理员账号(这边是使用AWS内已经有的AdministratorAccess
):
aws iam create-user --user-name ${MY_AWS_USERNAME}
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name ${MY_AWS_USERNAME}
生出access key,一个账号最多两把。其中的AccessKeyId
与SecretAccessKey
就是需要的设定,要注意SecretAccessKey
之后不会再出现:
aws iam create-access-key --user-name ${MY_AWS_USERNAME}
超过两把再呼叫会出现错误讯息:
An error occurred (LimitExceeded) when calling the CreateAccessKey operation: Cannot exceed quota for AccessKeysPerUser: 2
列出这个账号所有的access key(只会有AccessKeyId
,不会有SecretAccessKey
):
aws iam list-access-keys --user-name ${MY_AWS_USERNAME}
S3
- 建立一个S3 bucket,
- 建立对应的使用者(IAM),
- 挂上完整的权限,
- 产生对应的key:
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.full; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.full --policy-name Policy-s3-${BUCKET_NAME}-full --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:*"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.full
如果是只能读取的话,这边列出比较常见的操作("s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"
这段):
BUCKET_NAME=gslin-test; aws s3 mb s3://${BUCKET_NAME}; aws iam create-user --user-name s3.${BUCKET_NAME}.readonly; aws iam put-user-policy --user-name s3.${BUCKET_NAME}.readonly --policy-name Policy-s3-${BUCKET_NAME}-readonly --policy-document '{"Version":"2012-10-17","Statement":[{"Action":["s3:GetObject","s3:HeadObject","s3:ListObjects","s3:ListObjectsV2"],"Resource":"arn:aws:s3:::'${BUCKET_NAME}'/*","Effect":"Allow"}]}'; aws iam create-access-key --user-name s3.${BUCKET_NAME}.readonly