python - 如何使用python更改AWS可​​信用户 "sts ExternalId"?

标签 python python-3.x amazon-web-services python-2.7 amazon-iam

在我的 IAM 政策信任关系中显示如下

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::279121212121212:user/ai-s-p57s13"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "xxxxxxxxxxx=2_0vy+PyUFdt728JrFjqeCOau62zU="
        }
      }
    }
  ]
}
现在我想改变信任关系 aws :: sts:ExternalId使用 python 将 id 设置为如下所示的新值:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::333333333333:user/ai-s-p57s13"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "yyyyyyyyyy=2_0vy+PyUFdt728JrFjqeCOau62zU="
        }
      }
    }
  ]
}
使用 python我想改变
我尝试使用以下代码:
import boto3

client = boto3.client('iam')
response = client.attach_role_policy(RoleName='testrole', PolicyArn='arn:aws:iam::279121212121212:user/testrole')
trust_policy = response['Role']['AssumeRolePolicyDocument']
trust_policy['Statement'][0]['Principal'] ['AWS']= 'arn:aws:iam::279121212121212:user/ai-s-p57s13'

最佳答案

您可以按如下方式执行此操作:

import json
import boto3

iam = boto3.client('iam')

role_name = "testrole"

# get existing role info
role_info = iam.get_role(RoleName = role_name)

# get trust policy
trust_policy = role_info['Role']['AssumeRolePolicyDocument']

#print(trust_policy)

# get external_id
exiting_external_id = trust_policy['Statement'][0]['Condition']['StringEquals']['sts:ExternalId']

#print(exiting_external_id)

new_prefix='yyyyyyyyyy'

# create new external id
new_external_id = new_prefix + "=" + exiting_external_id.split('=', 1)[1]

#print(new_external_id)

# update the trust policy
trust_policy['Statement'][0]['Condition']['StringEquals']['sts:ExternalId'] = new_external_id

print(trust_policy)

# update the role
response = iam.update_assume_role_policy(
    RoleName=role_name,
    PolicyDocument=json.dumps(trust_policy)
)

print(response)

关于python - 如何使用python更改AWS可​​信用户 "sts ExternalId"?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/67544027/

上一篇:javascript - 当其他应用开始播放音频时,移动网站如何暂停视频?

下一篇:java - 为什么 Firefox WebDriver 不会从以前的浏览器 session 中加载 Cookie?

相关文章:

python - 如何避免实例之间共享类数据?

python - 根据任何图像几何形状调整 GraphicView

amazon-web-services - AWS SAM - 如何指定函数的名称

java - 如何检索 amazon DynamoDB 中特定列的所有值?

amazon-web-services - AWS EMR 在加速端点配置上引发异常

python - 集成 Erlang 和 python 的最佳方式

python - 如何在 Windows 7 64 位上使用 theano 设置 cuDnn

python - matplotlib Six.moves.urllib.request导入错误

python-3.x - Scrapy 日志记录级别更改

python - 如何从 Checkbutton 获取变量?

©2024 IT工具网  联系我们