Comments (6)
Example code is here: https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html#passing-credentials-as-parameters
client = boto3.client(
's3',
aws_access_key_id=ACCESS_KEY,
aws_secret_access_key=SECRET_KEY,
aws_session_token=SESSION_TOKEN
)
Since access_key_id
and secret_access_key
are a bit verbose (and the _id
suffix always confuses me) I'm going with --access-key
and --secret-key
instead.
from s3-credentials.
Being able to configure the endpoint_url
would be useful too - that way this could be used against compatible systems such as Wasabi.
from s3-credentials.
I'm going to add four common options:
--access-key
--secret-key
--session-token
--endpoint-url
from s3-credentials.
Quick test, using credentials created for a --read-only
user:
% s3-credentials create static.niche-museums.com --read-only
Created user: s3.read-only.static.niche-museums.com with permissions boundary: arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
Attached policy s3.read-only.static.niche-museums.com to user s3.read-only.static.niche-museums.com
Created access key for user: s3.read-only.static.niche-museums.com
{
"UserName": "s3.read-only.static.niche-museums.com",
"AccessKeyId": "AKIAWXFXAIOZOPREKLM6",
"Status": "Active",
"SecretAccessKey": "...",
"CreateDate": "2021-11-03 18:53:05+00:00"
}
% s3-credentials whoami --access-key AKIAWXFXAIOZOPREKLM6 --secret-key ...
Traceback (most recent call last):
...
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the GetUser operation: User: arn:aws:iam::462092780466:user/s3.read-only.static.niche-museums.com is not authorized to perform: iam:GetUser on resource: user s3.read-only.static.niche-museums.com
% s3-credentials delete-user s3.read-only.static.niche-museums.com
User: s3.read-only.static.niche-museums.com
Deleted policy: s3.read-only.static.niche-museums.com
Deleted access key: AKIAWXFXAIOZOPREKLM6
Deleted user
% s3-credentials whoami --access-key AKIAWXFXAIOZOPREKLM6 --secret-key ...
Traceback (most recent call last):
...
botocore.exceptions.ClientError: An error occurred (InvalidClientTokenId) when calling the GetUser operation: The security token included in the request is invalid.
This looks good to me.
from s3-credentials.
Help text looks like this now:
% s3-credentials create --help
Usage: s3-credentials create [OPTIONS] BUCKETS...
Create and return new AWS credentials for specified S3 buckets
Options:
--username TEXT Username to create or existing user to use
-c, --create-bucket Create buckets if they do not already exist
--read-only Only allow reading from the bucket
--write-only Only allow writing to the bucket
--policy POLICY Path to a policy.json file, or literal JSON
string - $!BUCKET_NAME!$ will be replaced
with the name of the bucket
--bucket-region TEXT Region in which to create buckets
--silent Don't show performed steps
--user-permissions-boundary TEXT
Custom permissions boundary to use for
created users, or 'none' to create without.
Defaults to limiting to S3 based on --read-
only and --write-only options.
--access-key TEXT AWS access key ID
--secret-key TEXT AWS secret access key
--session-token TEXT AWS session token
--endpoint-url TEXT Custom endpoint URL
--help Show this message and exit.
% s3-credentials whoami --help
Usage: s3-credentials whoami [OPTIONS]
Identify currently authenticated user
Options:
--access-key TEXT AWS access key ID
--secret-key TEXT AWS secret access key
--session-token TEXT AWS session token
--endpoint-url TEXT Custom endpoint URL
--help Show this message and exit.
from s3-credentials.
Documentation:
- https://github.com/simonw/s3-credentials/blob/41bcc8c5100dc508de60f1f5af46551c60d92a93/README.md#configuration
- https://github.com/simonw/s3-credentials/blob/41bcc8c5100dc508de60f1f5af46551c60d92a93/README.md#common-options
from s3-credentials.
Related Issues (20)
- Way to make an existing bucket public or private HOT 1
- Convert README into documentation website HOT 3
- Make it easier to add extra policy statements HOT 10
- Provide a `--profile` option to allow AWS profile selection HOT 3
- Using --policy should imply --user-permissions-boundary=none HOT 2
- s3-credentials.AmazonS3FullAccess has MaxSessionDuration 3600, should be 12 hours HOT 5
- KeyError if listing bucket with no items returned
- s3-credentials list-buckets --details should show region and website URL, if configured HOT 2
- `s3-credentials get-objects` command HOT 7
- `get-objects/put-objects` `--skip` and `--skip-hash` options HOT 1
- Add the options to add tags to the created resources HOT 3
- `set-public-policy` command HOT 5
- Add s3:PutObjectAcl to write policies HOT 3
- `s3-credentials delete-objects` command HOT 11
- Mysterious test failure in `test_put_objects` HOT 4
- debug-bucket command HOT 3
- Command to make a bucket public HOT 4
- `s3-credentials create name-of-bucket --create-bucket --public` fails with error HOT 4
- `s3-credentials list-bucket --urls` option HOT 1
- CI failures, including ImportError: cannot import name 'mock_s3' from 'moto' HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from s3-credentials.