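How to parse the response for an IAM policy document with boto3
I am a beginner in Python, and I am trying to get the Statement ID (Sid) and Condition from a policy statement using boto3. Any help is appreciated.
Example policy: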
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyResourceShare",
            "Effect": "Deny",
            "Action": [
                "ram:CreateResourceShare",
                "ram:AssociateResourceShare"
            ],
            "Resource": "*",
            "Condition": {
                "ForAnyValue:StringLike": {
                    "aws:PrincipalArn": [
                        "arn:aws:organizations::*:organization/*",
                        "arn:aws:organizations::*:ou/*"
                    ]
                }
            }
        }
    ]
}
I am able to get the content, but I am not sure how to iterate over the policy statements.
def print_policy(id):
    policy_data = org.describe_policy(
        PolicyId=policy[id]
    )
    print(policy_data['Policy']['Content'])
    content = json.loads(policy_data['Policy'])
    for statement in content['Statement']:
        print(statement['Sid'])
I get this error:
content = json.loads(policy_data['Policy'])
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/json/__init__.py",line 341,in loads
raise TypeError(f'the JSON object must be str,bytes or bytearray,'
TypeError: the JSON object must be str,not dict
I tried converting it to a string, but got the following error:
content = json.loads(json.dumps(policy_data['Policy']))
for statement in content['Statement']:
    print(statement['Sid'])
Error:
for statement in content['Statement']:
KeyError: 'Statement'
Solution
Using your example, you can iterate over the items to get, for example, Action:
iam = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "ram:CreateResourceShare",
                "ram:AssociateResourceShare"
            ],
            "Resource": "*",
            "Condition": {
                "ForAnyValue:StringLike": {
                    "aws:PrincipalArn": [
                        "arn:aws:organizations::*:organization/*",
                        "arn:aws:organizations::*:ou/*"
                    ]
                }
            }
        }
    ]
}
for item in iam['Statement']:
    print(','.join(item['Action']))
Output: ram:CreateResourceShare,ram:AssociateResourceShare
However, your example has no Sid, so I used one from AWS.
iam_policy = {
    'Version': '2012-10-17',
    'Statement': [
        {
            'Sid': 'EnableDisableHongKong',
            'Effect': 'Allow',
            'Action': ['account:EnableRegion', 'account:DisableRegion'],
            'Resource': '*',
            'Condition': {'StringEquals': {'account:TargetRegion': 'ap-east-1'}}
        },
        {
            'Sid': 'ViewConsole',
            'Action': ['aws-portal:ViewAccount', 'account:ListRegions'],
            'Resource': '*'
        }
    ]
}
for item in iam_policy['Statement']:
    print(item['Sid'])
Output:
EnableDisableHongKong
ViewConsole
A simple example with boto3:
import boto3
import json
arn = 'arn:aws:iam::aws:policy/AdministratorAccess'
iam = boto3.client('iam')
policy = iam.get_policy(PolicyArn=arn)
policy_version = iam.get_policy_version(
    PolicyArn=arn, VersionId=policy['Policy']['DefaultVersionId']
)
print(json.dumps(policy_version['PolicyVersion']['Document']))
print(json.dumps(policy_version['PolicyVersion']['Document']['Statement']))
This prints:
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "*","Resource": "*"}]}
[{"Effect": "Allow","Resource": "*"}]
You should be able to use literal_eval to parse the Content string into a Python dict:
import ast
# later
content = ast.literal_eval(policy_data['Policy']['Content'])
# content should be dict now
print(type(content))
print(content)
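Added example, not part of the question or either answer: the error in the question arises because `policy_data['Policy']` is a dict while `policy_data['Policy']['Content']` is a JSON string, so this sketch decodes `Content` with `json.loads` and then walks the statements. `SAMPLE_RESPONSE` is constructed data shaped like a `describe_policy` response so it runs offline; `as_list` and `summarize_statements` are hypothetical helper names.

```python
import json

# Constructed sample shaped like the dict that boto3's Organizations
# describe_policy() returns: Policy.Content is a JSON *string*, not a dict.
SAMPLE_RESPONSE = {
    "Policy": {
        "PolicySummary": {"Id": "p-examplepolicyid", "Name": "DenyResourceShare"},
        "Content": json.dumps({
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Sid": "DenyResourceShare",
                    "Effect": "Deny",
                    "Action": ["ram:CreateResourceShare", "ram:AssociateResourceShare"],
                    "Resource": "*",
                    "Condition": {"ForAnyValue:StringLike": {"aws:PrincipalArn": [
                        "arn:aws:organizations::*:organization/*",
                        "arn:aws:organizations::*:ou/*",
                    ]}},
                },
                # No Sid, no Condition, and Action given as a bare string.
                {"Effect": "Allow", "Action": "*", "Resource": "*"},
            ],
        }),
    }
}


def as_list(value):
    """Policy JSON allows a single value wherever a list is accepted."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def summarize_statements(policy_data):
    """Return Sid, Effect, Action and Condition for every statement."""
    content = json.loads(policy_data["Policy"]["Content"])  # decode the string
    rows = []
    for statement in as_list(content.get("Statement")):
        rows.append({
            "Sid": statement.get("Sid"),                   # Sid is optional
            "Effect": statement["Effect"],
            "Action": as_list(statement.get("Action")),    # may be NotAction instead
            "Condition": statement.get("Condition", {}),   # Condition is optional
        })
    return rows


if __name__ == "__main__":
    for row in summarize_statements(SAMPLE_RESPONSE):
        print(row["Sid"], row["Effect"], row["Action"], row["Condition"])
```

With a live client, the same function takes the return value of `describe_policy(PolicyId=...)` directly.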