Can I use bash variables when adding a policy to a bucket via the AWS CLI?

Time: 2020-05-19 02:56:45

Tags: bash aws-cli

I'm using the AWS CLI to create a policy and upload it to multiple buckets. Example:

#!/usr/bin/env bash
NAME="test_client"
# create-bucket lives under the s3api command group; quote the name so it is one argument
aws s3api create-bucket --bucket "${NAME}_source_bucket"

Great. So far so good. Next, I want to run the following command:

ARN="xxxx-xxxx-xxxx"   # the 12-digit account ID that goes into the role ARN
# --policy takes either inline JSON or a file:// reference to a policy document
aws s3api put-bucket-policy --bucket "${NAME}_source_bucket" --policy file://source_bucket_policy.json

My bucket policy is based on the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::${NAME}_source_bucket"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::${NAME}_source_bucket/*"
        }
    ]
}

1 answer:

Answer 0: (score: 3)

If you are doing this from a script, you can use a heredoc.

If you are running this repeatedly from the command line, you can also create a template JSON.

Heredoc

#!/usr/bin/env bash
NAME="test_client"
aws s3api create-bucket --bucket "${NAME}_source_bucket"
ARN="xxxx-xxxx-xxxx"   # the 12-digit account ID that goes into the role ARN
# --policy takes the JSON as an argument, not on stdin, so capture the heredoc
# into a variable first. The unquoted EOF lets bash expand ${ARN} and ${NAME}.
POLICY=$(cat << EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::${NAME}_source_bucket"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${ARN}:role/${NAME}_source_role"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::${NAME}_source_bucket/*"
        }
    ]
}
EOF
)
aws s3api put-bucket-policy --bucket "${NAME}_source_bucket" --policy "$POLICY"

Template

# create the template, only need to do this once
# ('EOF' is quoted so bash does not try to expand anything inside the template)
cat << 'EOF' > mytemplate.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<ARN>:role/<NAME>_source_role"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<NAME>_source_bucket"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<ARN>:role/<NAME>_source_role"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<NAME>_source_bucket/*"
        }
    ]
}
EOF

# render the template with your values into a new file
NAME="test_client"
ARN="xxxx-xxxx-xxxx"   # the 12-digit account ID that goes into the role ARN
# '|' as the sed delimiter so a value containing '/' cannot break the expression
sed -e "s|<ARN>|${ARN}|g" -e "s|<NAME>|${NAME}|g" mytemplate.json > source_bucket_policy.json

# run aws commands
aws s3api create-bucket --bucket "${NAME}_source_bucket"
aws s3api put-bucket-policy --bucket "${NAME}_source_bucket" --policy file://source_bucket_policy.json
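The following is an added example, not code from the question or the answer above. It takes the template idea one step further: the placeholders (here `<ACCOUNT_ID>` and `<NAME>`, chosen for this example) are filled in with bash parameter expansion rather than sed, and both values are validated before substitution. The point of the validation is that a bucket policy decides who can read the bucket, so if `NAME` ever comes from somewhere other than the operator's own keyboard (a ticket field, a CSV of client names), plain string substitution pastes whatever it contains, quotes and braces included, straight into that document. Restricting the value to a small character set closes that off. The function names `validate_inputs`, `render_policy` and `apply_policy` are this example's own, and the bucket name uses hyphens instead of underscores because S3 bucket names may not contain underscores (IAM role names may, so the role keeps the page's `_source_role` suffix).

```shell
#!/usr/bin/env bash
# Added example, not from the original question or answer.
# Renders the bucket policy from a template with bash parameter expansion,
# validating the two values first so they cannot alter the JSON or the ARNs.
set -euo pipefail

# Template constructed for this example. Placeholders: <ACCOUNT_ID> and <NAME>.
# 'EOF' is quoted so nothing inside is expanded when the template is defined.
POLICY_TEMPLATE=$(cat <<'EOF'
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<ACCOUNT_ID>:role/<NAME>_source_role"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::<NAME>-source-bucket"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<ACCOUNT_ID>:role/<NAME>_source_role"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<NAME>-source-bucket/*"
        }
    ]
}
EOF
)

# validate_inputs ACCOUNT_ID NAME
# The value that goes into arn:aws:iam::...:role/ is the 12-digit account ID.
# NAME is limited to lowercase letters, digits and hyphens (also what S3 allows
# in a bucket name), so a quote, comma or brace is rejected instead of being
# pasted into the policy document.
validate_inputs() {
    local account_id="$1" name="$2"
    local account_re='^[0-9]{12}$'
    local name_re='^[a-z0-9][a-z0-9-]{1,40}$'
    if [[ ! "$account_id" =~ $account_re ]]; then
        echo "invalid account id: $account_id" >&2
        return 1
    fi
    if [[ ! "$name" =~ $name_re ]]; then
        echo "invalid name: $name" >&2
        return 1
    fi
}

# render_policy ACCOUNT_ID NAME: prints the rendered policy document on stdout.
# ${var//pattern/replacement} does the substitution, so there is no sed
# delimiter or escaping to get wrong; the validation above is what keeps the
# replacement text from changing the structure of the JSON.
render_policy() {
    local account_id="$1" name="$2" out
    validate_inputs "$account_id" "$name" || return 1
    out="${POLICY_TEMPLATE//<ACCOUNT_ID>/"$account_id"}"
    out="${out//<NAME>/"$name"}"
    printf '%s\n' "$out"
}

# apply_policy ACCOUNT_ID NAME: creates the bucket and attaches the rendered
# policy. put-bucket-policy accepts the JSON directly as the --policy argument,
# so no intermediate file is written.
apply_policy() {
    local account_id="$1" name="$2" policy
    policy="$(render_policy "$account_id" "$name")" || return 1
    aws s3api create-bucket --bucket "${name}-source-bucket"
    aws s3api put-bucket-policy --bucket "${name}-source-bucket" --policy "$policy"
}

# Usage: render_policy 123456789012 test-client   (preview the document)
#        apply_policy  123456789012 test-client   (create the bucket and attach it)
```

Preview with `render_policy` before calling `apply_policy`; the preview is the exact text that will be sent, which is the easiest way to confirm the role ARN and bucket ARN came out as intended.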