我正在写一个Lambda函数,它将策略附加到最新的存储桶。该脚本将策略附加到命名存储桶,但我不太确定如何获取创建的最新存储桶的名称。任何想法都赞赏:)。目前的代码如下。
import boto3
import json
client = boto3.client('s3')
bucket_name = '*'
bucket_policy = {
"Version": "2012-10-17",
"Statement": [{
"Sid": "DenyS3PublicObjectACL",
"Effect": "Deny",
"Principal": "*",
"Action": ["s3:PutObjectAcl"],
"Resource": "arn:aws:s3:::%s/*" #% bucket_name,
"Condition": {
"StringEqualsIgnoreCaseIfExists": {
"s3:x-amz-acl": [
"public-read",
"public-read-write",
"authenticated-read"
]
}
}
}]
}
bucket_policy = json.dumps(bucket_policy) # Converting the policy into a JSON string.
def lambda_handler(event, context):
response = client.put_bucket_policy(Bucket=bucket_name, ConfirmRemoveSelfBucketAccess=True, Policy=bucket_policy)