{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::job/*",
                "arn:aws:s3:::<bucket>/<object>",
                "arn:aws:s3:::<bucket>"
            ]
        }
    ]
}
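The idea was to start with all S3 privileges and then go from there. However, this is not enough. First, I get warnings from AWS about the permissions themselves. Second, I get an access denied from mkfs.s3ql: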
$ mkfs.s3ql s3://<region>/<bucket>/<directory>/test
Before using S3QL, make sure to read the user's guide, especially
the 'Important Rules to Avoid Losing Data' section.
Enter encryption password:
Confirm encryption password:
Generating random encryption key...
ERROR: Uncaught top-level exception:
Traceback (most recent call last):
File "/home/core/.local/bin/mkfs.s3ql", line 11, in <module>
load_entry_point('s3ql==3.1', 'console_scripts', 'mkfs.s3ql')()
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/mkfs.py", line 123, in main
backend['s3ql_passphrase'] = data_pw
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/common.py", line 197, in __setitem__
self.store(key, value)
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/common.py", line 307, in store
self.perform_write(lambda fh: fh.write(val), key, metadata)
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/common.py", line 108, in wrapped
return method(*a, **kw)
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/common.py", line 279, in perform_write
return fn(fh)
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/comprenc.py", line 389, in __exit__
self.close()
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/comprenc.py", line 383, in close
self.fh.close()
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/comprenc.py", line 548, in close
self.fh.close()
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/common.py", line 108, in wrapped
return method(*a, **kw)
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/s3c.py", line 909, in close
headers=self.headers, body=self.fh)
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/s3c.py", line 528, in _do_request
self._parse_error_response(resp)
File "/home/core/.local/lib/python3.6/site-packages/s3ql-3.1-py3.6-linux-x86_64.egg/s3ql/backends/s3c.py", line 561, in _parse_error_response
raise get_S3Error(tree.findtext('Code'), tree.findtext('Message'), resp.headers)
s3ql.backends.s3c.AccessDeniedError: AccessDenied: Access Denied
However, if I perform the operation using my superuser account, the file system is created successfully.
$ mkfs.s3ql s3://<region>/<bucket>/<directory>/test --authfile=super_auth
Before using S3QL, make sure to read the user's guide, especially
the 'Important Rules to Avoid Losing Data' section.
Enter encryption password:
Confirm encryption password:
Generating random encryption key...
Creating metadata tables...
Dumping metadata...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 155 bytes of compressed metadata.
Cycling metadata backups...
Backing up old metadata...
Please store the following master key in a safe location. It allows
decryption of the S3QL file system in case the storage objects holding
this information get corrupted:
---BEGIN MASTER KEY---
**** **** **** **** **** **** **** **** **** **** ****
---END MASTER KEY---
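Obviously, I would rather not assign superuser privileges to a backup script. Is there a way to determine which permissions were invoked, and on which resources, during a given operation? It generally feels like this would be a good way to determine what the minimum required privileges are.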
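
One way to approach the question above, as an added example that is not part of the original post: assuming S3 data events are enabled on a CloudTrail trail (the post does not mention CloudTrail), the records written while the operation runs under the privileged account can be reduced to the actions and resources it actually used. The principal, bucket and keys are constructed sample values, and `required_permissions` and `build_policy` are hypothetical helper names.

```python
import json
from collections import defaultdict

# CloudTrail event names whose authorizing IAM action has a different name.
EVENT_TO_ACTION = {
    "HeadObject": "s3:GetObject", "HeadBucket": "s3:ListBucket",
    "ListObjects": "s3:ListBucket", "ListObjectsV2": "s3:ListBucket",
    "DeleteObjects": "s3:DeleteObject",
}
ADMIN = "arn:aws:iam::111122223333:user/admin"  # constructed principal (assumption)

def _ev(name, key=None, arn=ADMIN, source="s3.amazonaws.com"):
    """Build a constructed record holding only the CloudTrail fields used below."""
    params = {"bucketName": "example-bucket"}
    if key:
        params["key"] = key
    return {"eventSource": source, "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params}

# Constructed sample, not a capture of the requests mkfs.s3ql really sends.
SAMPLE_EVENTS = [
    _ev("ListObjects"),
    _ev("PutObject", "backups/test/s3ql_passphrase"),
    _ev("HeadObject", "backups/test/example-object-1"),
    _ev("DeleteObject", "backups/test/example-object-2"),
    _ev("PutObject", "other/file", arn="arn:aws:iam::111122223333:user/bob"),
    _ev("GetCallerIdentity", source="sts.amazonaws.com"),
]

def required_permissions(events, principal_arn):
    """Map resource ARN -> set of IAM actions the principal exercised on S3."""
    needed = defaultdict(set)
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue  # not an S3 call
        if ev.get("userIdentity", {}).get("arn") != principal_arn:
            continue  # another principal's activity
        params = ev.get("requestParameters") or {}
        bucket, key = params.get("bucketName"), params.get("key")
        if not bucket:
            continue
        action = EVENT_TO_ACTION.get(ev["eventName"], "s3:" + ev["eventName"])
        if key is None or action == "s3:ListBucket":
            resource = f"arn:aws:s3:::{bucket}"  # bucket-level call
        else:  # widen to the key's directory (whole bucket if the key has no "/")
            head, sep, _ = key.rpartition("/")
            resource = f"arn:aws:s3:::{bucket}/{head}{sep}*"
        needed[resource].add(action)
    return dict(needed)

def build_policy(needed):
    """Turn the resource -> actions map into an IAM policy document."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": sorted(acts), "Resource": res}
        for res, acts in sorted(needed.items())]}

if __name__ == "__main__":
    print(json.dumps(build_policy(required_permissions(SAMPLE_EVENTS, ADMIN)), indent=2))
```

Records with `errorCode` set to `AccessDenied` for the restricted principal show the next missing permission, but only one at a time, because the operation aborts at the first denial.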