我正在尝试使用 Boto3 和 Python 获取 ElastiCache 标签。在boto3中,有一个函数叫做list_tags_for_resource()。但是,我面临的问题是,如何找到资源名称。我正在使用以下代码:
from boto3.session import Session
sess = Session(aws_access_key_id=id,aws_secret_access_key=key)
conn = sess.client(service_name='elasticache', region_name='us-east-1')
arn="arn:aws:elasticache:us-east-1:123456:cluster:name_of_cluster"
print conn.list_tags_for_resource(ResourceName=name)
这给出了以下错误:
botocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling the ListTagsForResource operation: Unauthorized call. Please check the region or customer id
最佳答案
如果您使用 ReadOnlyAccess 托管策略,您将无法列出 elasticache 的标签。确保您的用户在其策略中明确设置了 elasticache:ListTagsForResource
。 Amazon 目前并未在其 ReadOnlyAccess 策略中包含该权限。允许查看 elasticache 标签的策略如下所示:
{
"Version": "2015-06-26",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticache:ListTagsForResource"
],
"Resource": "*"
}
]
}
我认为这应该是 ReadOnlyAccess 政策的一部分,并向亚马逊开了一张票。这是他们的回应:
You raise a valid point regarding "elasticache:ListTagsForResource" not being included in the AWS supplied "ReadOnlyAccess" managed policy. We can't very well call it read only when it doesn't allow someone to list tags on a named resource in my opinion. Therefore, I have opened an internal ticket with the team who controls these managed policies; requesting that the API "elasticache:ListTagsForResource" be added to "ReadOnlyAccess".
关于python - 获取 ElastiCache 标签,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30724628/