So I'm trying to automate via Python what I normally do on the AWS IAM console. This policy validates as-is, as you can see here:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm"
            ]
        }
    ]
}
Of course, the account ID is fake, but it validates.
So, feeding the same policy to this piece of code does not work:
import json

def create(iam, name, desc, policy):
    # Serialise the policy dict to a JSON string for the CreatePolicy call
    response = iam.create_policy(
        PolicyName=name,
        Description=desc,
        PolicyDocument=json.dumps(policy)
    )
    return response
This is taken from the way AWS suggests doing it, ofc: https://docs.aws.amazon.com/code-samples/latest/catalog/python-iam-create_policy.py.html
This is the error I get:
botocore.errorfactory.MalformedPolicyDocumentException: An error occurred (MalformedPolicyDocument) when calling the CreatePolicy operation: Syntax errors in policy.
This confuses me a bit, because I don't understand why it doesn't work here when it works fine in the console. So after spending a lot of time searching, I simply can't find anything that helps me, or I'm completely misled here.
Any help is appreciated.
Thanks
Answer 0 (score: 0)
I tried creating an IAM policy with the policy you posted and ran into the same issue. It seems the output of json.dumps() is what causes the error.
Nevertheless, you can still do it this way:
import boto3

def create_iam_policy(iam, name, desc, policy):
    # Hand the policy to create_policy without a json.dumps() step
    response = iam.create_policy(
        PolicyName=name,
        Description=desc,
        PolicyDocument=policy
    )
    return response

iam = boto3.client('iam')

my_managed_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm"
            ]
        }
    ]
}

print(create_iam_policy(iam, 'test-policy', 'test desc', my_managed_policy))
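As an added example (this is not code from the question or the answer above), here is a wrapper with the same signature as the question's `create` helper that accepts the policy either as a dict or as an already-serialised JSON string, runs a cheap local sanity check, drops the repeated ARNs, and serialises the document exactly once before calling `create_policy`. It assumes that boto3's `create_policy` expects `PolicyDocument` as a JSON string and that a string which was serialised twice decodes to a `str` rather than an object. `FakeIam` and `SAMPLE_POLICY` are constructed so the example runs offline; with a real client you would pass `boto3.client('iam')` instead.

```python
import copy
import json

# Added example, not the question's or the answer's code. Assumption: boto3's
# IAM.Client.create_policy takes PolicyDocument as a JSON string, so the
# document must be serialised exactly once.

# Constructed sample with the same shape as the policy in the question.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": [
                "arn:aws:iam::123465790123:role/account-adm",
                "arn:aws:iam::123465790123:role/account-adm",
            ],
        }
    ],
}


def normalize_policy(policy):
    """Return a fresh dict whether the policy arrives as dict, str or bytes.

    A string that was json.dumps()'d twice decodes to a str, not a dict, and
    is rejected here instead of reaching IAM as 'Syntax errors in policy'.
    """
    if isinstance(policy, (bytes, bytearray)):
        policy = policy.decode("utf-8")
    if isinstance(policy, str):
        policy = json.loads(policy)
    if not isinstance(policy, dict):
        raise ValueError("policy document must be a JSON object, got %s" % type(policy).__name__)
    return copy.deepcopy(policy)  # never mutate the caller's object


def statements_of(doc):
    """IAM allows Statement to be one object or a list; always return a list."""
    stmts = doc.get("Statement")
    return [stmts] if isinstance(stmts, dict) else list(stmts or [])


def check_policy(doc):
    """Cheap local sanity check before the API call; not a full IAM validator."""
    for key in ("Version", "Statement"):
        if key not in doc:
            raise ValueError("missing top-level key %r" % key)
    stmts = statements_of(doc)
    if not stmts:
        raise ValueError("Statement is empty")
    for i, stmt in enumerate(stmts):
        for key in ("Effect", "Action", "Resource"):
            if key not in stmt:
                raise ValueError("statement %d is missing %r" % (i, key))
        if stmt["Effect"] not in ("Allow", "Deny"):
            raise ValueError("statement %d has invalid Effect %r" % (i, stmt["Effect"]))
    return True


def dedupe_resources(doc):
    """Drop repeated ARNs in each statement's Resource list, preserving order."""
    for stmt in statements_of(doc):
        res = stmt.get("Resource")
        if isinstance(res, list):
            stmt["Resource"] = list(dict.fromkeys(res))
    return doc


def policy_document_string(policy):
    """Validate, tidy and serialise the policy exactly once."""
    doc = dedupe_resources(normalize_policy(policy))
    check_policy(doc)
    return json.dumps(doc, separators=(",", ":"))


def create_iam_policy(iam, name, desc, policy):
    """Same signature as the question's helper; accepts dict or JSON-string input."""
    return iam.create_policy(
        PolicyName=name,
        Description=desc,
        PolicyDocument=policy_document_string(policy),
    )


class FakeIam:
    """Constructed stand-in for boto3.client('iam') so the example runs offline.

    It enforces the one property that matters here: PolicyDocument must be a
    string that decodes to a JSON object.
    """

    def __init__(self):
        self.calls = []

    def create_policy(self, PolicyName, Description, PolicyDocument):
        if not isinstance(PolicyDocument, str):
            raise TypeError("PolicyDocument must be a str")
        if not isinstance(json.loads(PolicyDocument), dict):
            raise ValueError("MalformedPolicyDocument: Syntax errors in policy.")
        self.calls.append((PolicyName, Description, PolicyDocument))
        # Placeholder ARN; a real response also carries the policy id and dates.
        return {"Policy": {"Arn": "arn:aws:iam::123465790123:policy/" + PolicyName}}


if __name__ == "__main__":
    iam = FakeIam()
    print(create_iam_policy(iam, "test-policy", "test desc", SAMPLE_POLICY))
    # An already-serialised policy is parsed back first, so it is not double-encoded.
    print(create_iam_policy(iam, "test-policy-2", "test desc", json.dumps(SAMPLE_POLICY)))
```

The point of the wrapper is that the serialisation happens in one known place: whether a caller hands over a dict or the contents of a JSON file, the document reaches `create_policy` as a single JSON string, and a document that is not an object is rejected locally with a clear message instead of an opaque `MalformedPolicyDocument` from the API.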