Remove AllUsers from an ACL policy in bash

Time: 2016-03-16 18:32:42

Tags: bash amazon-web-services aws-cli jq

I have a response like this

{
  "Owner": {
    "DisplayName": "2414218.aws",
    "ID": "xxxxxxxx"
  },
  "Grants": [
    {
      "Grantee": {
        "DisplayName": "2414218.aws",
        "ID": "yyyyyyyyyy"
      },
      "Permission": "FULL_CONTROL"
    },
    {
      "Grantee": {
        "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
      },
      "Permission": "READ"
    }
  ]
}

I want to update the file so that AllUsers is removed (get-object-acl should then look like this)

{
  "Owner": {
    "DisplayName": "2414218.aws",
    "ID": "xxxxxxxx"
  },
  "Grants": [
    {
      "Grantee": {
        "DisplayName": "2414218.aws",
        "ID": "yyyyyyyyyy"
      },
      "Permission": "FULL_CONTROL"
    }
  ]
}

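How can I do this without knowing which grantees are available? I specifically want to remove the grantee when I see http://acs.amazonaws.com/groups/global/AllUsers

I am currently using aws s3api get-object-acl --bucket mhe-deployments-prod --key $keyFile | jq '.' to look up the policy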

4 Answers:

Answer 0: (score: 2)

Here is a jq filter that will remove all .Grants array elements whose .Grantee.URI is "http://acs.amazonaws.com/groups/global/AllUsers":

.Grants |= map( select(.Grantee.URI != "http://acs.amazonaws.com/groups/global/AllUsers") )

Output: as requested

Answer 1: (score: 2)

You can use the built-in --query option of the AWS CLI. The advantage is that you don't need any external tools:

 aws s3api get-object-acl --bucket "$BUCKET" --key "$KEY" \
   --query "{Owner: Owner, \
             Grants: Grants[?Grantee.URI != 'http://acs.amazonaws.com/groups/global/AllUsers']}"

Answer 2: (score: 0)

Probably not the best, but this works

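#!/usr/local/bin/bash
# aws ~/.aws/credentials and s3cmd must be configured first with proper creds

target=''
# Note: the $(...) word splitting below breaks on keys that contain whitespace
for key in $(aws s3 ls "s3://$target" --recursive | awk '{print $4}'); do
  # Skip "folder" placeholder keys that end in /
  [ "${key: -1}" == "/" ] || {
    # Non-empty only when the object has a grant to the AllUsers group
    award=$(aws s3api get-object-acl --bucket "$target" --key "$key" | jq '.Grants[].Grantee | .URI' | grep -v 'null' | grep AllUsers)

    [ ! -z "${award}" ] && {
      # Back up the current ACL before changing it
      policy=$(aws s3api get-object-acl --bucket "$target" --key "$key")
      printf '%s: %s\n%s\n\n' "$target" "$key" "$policy" >> /tmp/policy-backup.json
      echo -e "Working on: $key"

      # Reset the object to a private ACL
      s3cmd setacl "s3://$target/$key" --acl-private  ## s3cmd must be configured to your env
    }
  }
done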

Answer 3: (score: 0)

In this problem, del can also be used to directly delete the specified grant, e.g.

del(
    .Grants[]
  | select(.Grantee.URI == "http://acs.amazonaws.com/groups/global/AllUsers")
)
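
The filters in the answers above only transform the JSON. As an added example (not part of the original thread or of any answer), the script below pairs the jq filter with a write-back through aws s3api put-object-acl --access-control-policy and sends a write only when an AllUsers grant is actually present. The function names and SAMPLE_ACL are constructed for illustration; the sample includes the Grantee.Type field that real get-object-acl output carries and put-object-acl requires.

```shell
#!/bin/sh
# Added example; function names and SAMPLE_ACL are illustrative assumptions.
ALLUSERS_URI='http://acs.amazonaws.com/groups/global/AllUsers'

# Exit 0 if the ACL JSON on stdin grants anything to AllUsers, else 1.
has_allusers() {
  jq -e --arg uri "$ALLUSERS_URI" \
    '[.Grants[]? | select(.Grantee.URI == $uri)] | length > 0' >/dev/null
}

# Print an AccessControlPolicy document: Owner unchanged, every grant kept
# except those whose grantee is the AllUsers group. Other top-level keys
# of the response are dropped so the result is valid input for put-object-acl.
strip_allusers() {
  jq -c --arg uri "$ALLUSERS_URI" \
    '{Owner: .Owner, Grants: [.Grants[]? | select(.Grantee.URI != $uri)]}'
}

# Fetch, filter and write back one object's ACL. Objects without an
# AllUsers grant are left untouched (no write request is sent).
fix_object_acl() {
  bucket=$1; key=$2
  acl=$(aws s3api get-object-acl --bucket "$bucket" --key "$key") || return 2
  if printf '%s' "$acl" | has_allusers; then
    new_acl=$(printf '%s' "$acl" | strip_allusers) || return 2
    aws s3api put-object-acl --bucket "$bucket" --key "$key" \
      --access-control-policy "$new_acl"
  fi
}

# Constructed sample modelled on the response in the question, with the
# Grantee.Type field added.
SAMPLE_ACL='{"Owner":{"DisplayName":"2414218.aws","ID":"xxxxxxxx"},"Grants":[
 {"Grantee":{"DisplayName":"2414218.aws","ID":"yyyyyyyyyy","Type":"CanonicalUser"},"Permission":"FULL_CONTROL"},
 {"Grantee":{"Type":"Group","URI":"http://acs.amazonaws.com/groups/global/AllUsers"},"Permission":"READ"}]}'

# Offline demonstration on the constructed sample (no AWS call is made).
printf '%s' "$SAMPLE_ACL" | strip_allusers
```

Calling fix_object_acl with a bucket and key applies the same filter to a live object and needs credentials allowed to read and write object ACLs.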