我有一个自定义AMI,使用ec2-upload-bundle在上传过程中失败,但其余项目是通过AWS控制面板上传的。但是,这意味着大约一半的捆绑部分缺少“za-team”受让人,这似乎是AMI成功启动所必需的。如何将“za-team”的相关“打开/下载”权限批量应用到存储桶中缺少的文件?
答案 0 :(得分:0)
我花了一些时间来弄清楚我是Ruby的新手;但是,以下循环遍历存储桶中的所有文件并附加文件上指示的权限。 acl.grant command上的相关SDK文档提供了有关脚本正在执行的操作的一些信息。
#!/usr/bin/ruby
# -----------------------------------------------------------------------------
# This script provides a means of updating all of the files in an S3 bucket to
# have the correct permissions. As this script is effectively throwaway it
# doesn't do much beyond making sure it runs at least once, however, is worth
# keeping around as a reference in the event the problem arises again.
# -----------------------------------------------------------------------------
require 'rubygems'
require 'aws-sdk'
# The following is the Amazon ID for the za-team group which is used for EC2
# operations in S3 buckets
za_team = '6aa5a366c34c1cbe25dc49211496e913e0351eb0e8c37aa3477e40942ec6b97c'
# Note the configuration points
AWS.config({
:access_key_id => '[Access Key Here]',
:secret_access_key => '[Secret Access Key Here]',
})
bucket_name = '[Bucket Name Here]'
# Get the bucket information
s3 = AWS::S3.new
bucket = s3.buckets[bucket_name]
# Update the ACL for each item in the bucket
bucket.objects.each do |object|
puts object.key
acl = object.acl
acl.grant(:read).
to(:canonical_user_id => za_team)
object.acl = acl.to_xml
end