Last active
December 16, 2019 17:51
-
-
Save sebsto/9a958ff1c761b8c7c90d to your computer and use it in GitHub Desktop.
Create IAM User and Attach a Policy using Boto and JSON
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json, boto | |
| # Connect to IAM with boto | |
| iam = boto.connect_iam(ACCESS_KEY, SECRET_KEY) | |
| # Create user | |
| user_response = iam.create_user('aws-user') | |
| # Create Policy | |
| policy = { 'Version' : '2012-10-17'} | |
| policy['Statement'] = [{'Sid' : 'AwsIamUserPython', | |
| 'Effect': 'Allow', | |
| 'Action': 's3:*', | |
| 'Resource': 'arn:aws:s3:::class-rocks/*'}] | |
| policy_json = json.dumps(policy, indent=2) | |
| iam.put_user_policy('aws-user', 'allow_access_class-rocks', policy_json) | |
| # Generate new access key pair for 'aws-user' | |
| key_response = iam.create_access_key('aws-user') |
policy['Statement'][0]['Resource']=['arn:aws:s3:::class-rocks','arn:aws:s3:::class-rocks/*']
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I also needed to add the bucket itself to the resource list--