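How to resolve: CloudTrail logging to DynamoDB using Boto
I am writing a boto script that will create an IAM policy and store its attributes in a DynamoDB table. I have a Python function that calls attributes such as region, instance_type, ebs_volume_size, meta_template_name, start_time, end_time, etc. from another file. While writing the code for CloudTrail, I am getting an error for putItem saying
"An error occurred (ValidationException) when calling the CreateTable operation: Invalid KeySchema: Some index key attribute have no definition".
This is my code, and I am not sure what is wrong.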
import jmespath
import boto3
import sys
import json
import time
import meta_templates
from jinja2 import Template
iam = boto3.client('iam')
sts = boto3.client('sts')
ec2 = boto3.resource('ec2')
cloudtrail = boto3.client('cloudtrail')
s3 = boto3.client('s3')
sqs = boto3.client('sqs')
lambd = boto3.client('lambda')
dynamodb = boto3.resource('dynamodb')
###########################
##### Global variables ####
###########################
region="us-east-2"
instance_type="t2.micro"
ebs_volume_size="20"
meta_template_name="ec2_policy_meta_template"
###############################
start_time_1 = input("What's the start time")
end_time1 = input("What's the end time")
def create_aws_iam_policy_template(**kwargs):
    template_data = {}
    template_data["region"] = kwargs.get('region')
    template_data["start_time"] = kwargs.get('end_time')
    template_data["end_time"] = kwargs.get('start_time')
    template_data["instance_types"] = kwargs.get('instance_type')
    template_data["ebs_volume_size"] = kwargs.get('ebs_volume_size')
    template_data["meta_template_name"] = kwargs.get('meta_template_name')
    meta_template_dict = getattr(meta_templates, template_data["meta_template_name"])
    meta_template_json = json.dumps(meta_template_dict)
    template_json = Template(meta_template_json).render(template_data)
    return template_json

template_json = create_aws_iam_policy_template(
    region=region,
    instance_type=instance_type,
    ebs_volume_size=ebs_volume_size,
    meta_template_name=meta_template_name,
    start_time=start_time_1,
    end_time=end_time1
)
print(template_json)
#Create S3 Bucket for CloudTrail
# Create a bucket policy
bucket_name = 'goodbucket3'
bucket_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:GetBucketAcl",
            "Resource": f"arn:aws:s3:::{bucket_name}"
        },
        {
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket_name}/AWSLogs/562922379100/*",
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
        }
    ]
}
# Convert the policy from JSON dict to string
bucket_policy = json.dumps(bucket_policy)
# Set the new policy
s3.put_bucket_policy(Bucket='goodbucket3', Policy=bucket_policy)
result = s3.get_bucket_policy(Bucket='goodbucket3')
logs = cloudtrail.create_trail(
    Name='GoodTrail',
    S3BucketName='goodbucket3',
)
response = cloudtrail.start_logging(
    Name=f"arn:aws:cloudtrail:us-east-1:562922379100:trail/GoodTrail"
)
table = dynamodb.create_table(
    TableName='GoodTable',
    KeySchema=[
        {
            'AttributeName': 'Content',
            'KeyType': 'HASH'  # Partition key
        },
        {
            'AttributeName': 'Details',
            'KeyType': 'HASH'  # Sort key
        }
    ],
    AttributeDefinitions=[
        {
            "AttributeName": "Content",
            "AttributeType": "S"
        }
    ],
    ProvisionedThroughput={
        "ReadCapacityUnits": 1,
        "WriteCapacityUnits": 1
    }
)
time.sleep(20)
table = dynamodb.Table('GoodTable')
response = table.put_item(
    Item={
        'Content': 'Volume Size',
        'Details': f'{ebs_volume_size}',
    }
)
response = table.put_item(
    Item={
        'Content': 'Instance Type',
        'Details': f'{instance_type}',
    }
)
response = table.put_item(
    Item={
        'Content': 'Region',
        'Details': f'{region}',
    }
)
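Solution
From the docs for PutItem:
When you add an item, the primary key attributes are the only required attributes. Attribute values cannot be null.
You declared your schema with S3BucketName as the Partition key.
    ],
    KeySchema=[
        {
            "AttributeName": "S3BucketName",
            "KeyType": "HASH"
        }
    ],
So when you add an item, you must provide it as well.
For example: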
KeySchema=[
    {
        'AttributeName': 'year',
        'KeyType': 'HASH'  # Partition key
    },
    {
        'AttributeName': 'title',
        'KeyType': 'RANGE'  # Sort key
    }
]
response = table.put_item(
    Item={
        'year': year,
        'title': title,
        'info': {
            'plot': plot,
            'rating': rating
        }
    }
)
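As an added example (not part of the original question or answer, and not AWS's own code), the following checks a table definition offline for the problems the error message reports, and checks an item for the key attributes the answer says PutItem requires. The helper names, and the corrected schema that uses Details as a RANGE key, are assumptions.

```python
# Added example: offline pre-flight checks for a DynamoDB table definition.
# Helper names are hypothetical; sample definitions are constructed from
# the question's GoodTable. No AWS calls are made.

def validate_key_schema(key_schema, attribute_definitions):
    """Return a list of problems in the definition (empty list means OK)."""
    problems = []
    defined = {a["AttributeName"] for a in attribute_definitions}
    key_types = [k["KeyType"] for k in key_schema]

    if not 1 <= len(key_schema) <= 2:
        problems.append("KeySchema must have 1 or 2 elements")
    if key_types.count("HASH") != 1:
        problems.append("KeySchema needs exactly one HASH (partition) key")
    if len(key_schema) == 2 and key_types.count("RANGE") != 1:
        problems.append("second key must be RANGE (sort key)")
    for k in key_schema:
        if k["AttributeName"] not in defined:
            problems.append(
                f"key attribute {k['AttributeName']!r} missing from AttributeDefinitions")
    return problems


def missing_key_attributes(item, key_schema):
    """Return key attributes that an item lacks or leaves empty."""
    return [k["AttributeName"] for k in key_schema
            if item.get(k["AttributeName"]) in (None, "")]


# Constructed from the question: two HASH keys, 'Details' never defined.
BROKEN_KEYS = [{"AttributeName": "Content", "KeyType": "HASH"},
               {"AttributeName": "Details", "KeyType": "HASH"}]
BROKEN_DEFS = [{"AttributeName": "Content", "AttributeType": "S"}]

# One possible correction (an assumption about the intended design).
FIXED_KEYS = [{"AttributeName": "Content", "KeyType": "HASH"},
              {"AttributeName": "Details", "KeyType": "RANGE"}]
FIXED_DEFS = BROKEN_DEFS + [{"AttributeName": "Details", "AttributeType": "S"}]

if __name__ == "__main__":
    for problem in validate_key_schema(BROKEN_KEYS, BROKEN_DEFS):
        print("broken:", problem)
    print("fixed:", validate_key_schema(FIXED_KEYS, FIXED_DEFS))
    print("missing:", missing_key_attributes({"Content": "Region"}, FIXED_KEYS))
```

Running the checks before calling create_table or put_item surfaces every schema problem at once instead of one ValidationException per attempt.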