Light

`--access-key=xxx` and `--secret-key=yyy` options about s3-credentials HOT 6 CLOSED

simonw commented on September 28, 2024

`--access-key=xxx` and `--secret-key=yyy` options

from s3-credentials.

Comments (6)

simonw commented on September 28, 2024

Example code is here: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#passing-credentials-as-parameters

client = boto3.client(
    's3',
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_KEY,
    aws_session_token=SESSION_TOKEN
)

Since access_key_id and secret_access_key are a bit verbose (and the _id suffix always confuses me) I'm going with --access-key and --secret-key instead.

from s3-credentials.

simonw commented on September 28, 2024

Being able to configure the endpoint_url would be useful too - that way this could be used against compatible systems such as Wasabi.

from s3-credentials.

simonw commented on September 28, 2024

I'm going to add four common options:

--access-key
--secret-key
--session-token
--endpoint-url

from s3-credentials.

simonw commented on September 28, 2024

Quick test, using credentials created for a --read-only user:

% s3-credentials create static.niche-museums.com --read-only
Created user: s3.read-only.static.niche-museums.com with permissions boundary: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
Attached policy s3.read-only.static.niche-museums.com to user s3.read-only.static.niche-museums.com
Created access key for user: s3.read-only.static.niche-museums.com
{
    "UserName": "s3.read-only.static.niche-museums.com",
    "AccessKeyId": "AKIAWXFXAIOZOPREKLM6",
    "Status": "Active",
    "SecretAccessKey": "...",
    "CreateDate": "2021-11-03 18:53:05+00:00"
}
% s3-credentials whoami --access-key AKIAWXFXAIOZOPREKLM6 --secret-key ...
Traceback (most recent call last):
  ...
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetUser operation: User: arn:aws:iam::462092780466:user/s3.read-only.static.niche-museums.com is not authorized to perform: iam:GetUser on resource: user s3.read-only.static.niche-museums.com
% s3-credentials delete-user s3.read-only.static.niche-museums.com                                             
User: s3.read-only.static.niche-museums.com
  Deleted policy: s3.read-only.static.niche-museums.com
  Deleted access key: AKIAWXFXAIOZOPREKLM6
  Deleted user
% s3-credentials whoami --access-key AKIAWXFXAIOZOPREKLM6 --secret-key ...
Traceback (most recent call last):
  ...
botocore.exceptions.ClientError: An error occurred (InvalidClientTokenId) when calling the GetUser operation: The security token included in the request is invalid.

This looks good to me.

from s3-credentials.

simonw commented on September 28, 2024

Help text looks like this now:

% s3-credentials create --help
Usage: s3-credentials create [OPTIONS] BUCKETS...

  Create and return new AWS credentials for specified S3 buckets

Options:
  --username TEXT                 Username to create or existing user to use
  -c, --create-bucket             Create buckets if they do not already exist
  --read-only                     Only allow reading from the bucket
  --write-only                    Only allow writing to the bucket
  --policy POLICY                 Path to a policy.json file, or literal JSON
                                  string - $!BUCKET_NAME!$ will be replaced
                                  with the name of the bucket
  --bucket-region TEXT            Region in which to create buckets
  --silent                        Don't show performed steps
  --user-permissions-boundary TEXT
                                  Custom permissions boundary to use for
                                  created users, or 'none' to create without.
                                  Defaults to limiting to S3 based on --read-
                                  only and --write-only options.
  --access-key TEXT               AWS access key ID
  --secret-key TEXT               AWS secret access key
  --session-token TEXT            AWS session token
  --endpoint-url TEXT             Custom endpoint URL
  --help                          Show this message and exit.
% s3-credentials whoami --help
Usage: s3-credentials whoami [OPTIONS]

  Identify currently authenticated user

Options:
  --access-key TEXT     AWS access key ID
  --secret-key TEXT     AWS secret access key
  --session-token TEXT  AWS session token
  --endpoint-url TEXT   Custom endpoint URL
  --help                Show this message and exit.

from s3-credentials.

simonw commented on September 28, 2024

Documentation:

from s3-credentials.

Related Issues (20)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.