问题
I am trying to pass boto3 a list of bucket names and have it first enable versioning on each bucket, then enable a lifecycle policy on each.
I have done aws configure, and do have two profiles, both current, active user profiles with all necessary permissions. The one I want to use is named "default."
import boto3
# Create session
s3 = boto3.resource('s3')
# Bucket list
buckets = ['BUCKET-NAME']
# iterate through list of buckets
for bucket in buckets:
# Enable Versioning
bucketVersioning = s3.BucketVersioning('bucket')
bucketVersioning.enable()
# Current lifecycle configuration
lifecycleConfig = s3.BucketLifecycle(bucket)
lifecycleConfig.add_rule={
'Rules': [
{
'Status': 'Enabled',
'NoncurrentVersionTransition': {
'NoncurrentDays': 7,
'StorageClass': 'GLACIER'
},
'NoncurrentVersionExpiration': {
'NoncurrentDays': 30
}
}
]
}
# Configure Lifecycle
bucket.configure_lifecycle(lifecycleConfig)
print "Versioning and lifecycle have been enabled for buckets."
When I run this I get the following error:
Traceback (most recent call last):
File "putVersioning.py", line 27, in <module>
bucketVersioning.enable()
File "/usr/local/lib/python2.7/dist-packages/boto3/resources/factory.py", line 520, in do_action
response = action(self, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/boto3/resources/action.py", line 83, in __call__
response = getattr(parent.meta.client, operation_name)(**params)
File "/home/user/.local/lib/python2.7/site-packages/botocore/client.py", line 253, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/home/user/.local/lib/python2.7/site-packages/botocore/client.py", line 557, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutBucketVersioning operation: Access Denied
My profiles has full privileges, so that shouldn't be a problem. Is there something else I need to do for passing credentials? Thanks everyone!
回答1:
To set the versioning state, you must be the bucket owner.
The above statement means - To use PutBucketVersioning operation to enable the versioning, you must be the owner of the bucket.
Use the below command to check the owner of the bucket. If you are the owner of the bucket, you should be able to set the versioning state as ENABLED / SUSPENDED.
aws s3api get-bucket-acl --bucket yourBucketName
回答2:
Ok, notionquest is correct; however, it appears I also goofed up in my code by quoting a variable:
bucketVersioning = s3.BucketVersioning('bucket')
should be
bucketVersioning = s3.BucketVersioning(bucket)
来源:https://stackoverflow.com/questions/44135726/aws-boto3-enable-s3-versioning-lifecycle-access-denied