Confusing documentation from Python Boto3 to create bucket?

Question


As per the Request Syntax in the link below, we can pass the ACL parameter to the create_bucket method with ACL as 'public-read'.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/s3/client/create_bucket.html

But when I pass it, it gives the following error:

> botocore.exceptions.ClientError: An error occurred (InvalidBucketAclWithBlockPublicAccessError) when calling the CreateBucket operation: Bucket cannot have public ACLs set with BlockPublicAccess enabled

If "public-read" can raise that error, why is that option mentioned in the documentation? We can simply call the "put_public_access_block" and then the "put_bucket_acl" methods, right?

Below is a code sample of what I tried:

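import boto3


def create_bucket(bucket_name, acl):
    bucket = boto3.client('s3')

    # Raises InvalidBucketAclWithBlockPublicAccessError when acl is public
    # and Block Public Access is enabled.
    response = bucket.create_bucket(
        Bucket=bucket_name,
        ObjectOwnership='BucketOwnerPreferred',
        ACL=acl,
        CreateBucketConfiguration={
            'LocationConstraint': 'us-west-1',
        }
    )
    return response


create_bucket('sample_bucket', 'public-read')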

Account level setting for block public access

Answer 1

Score: 1


This behavior is in accordance with the design of Amazon S3 and its security best practices.

The documentation you referred to mentions the 'public-read' option for the ACL parameter because it represents one of the possible ACL configurations that can be used with S3 buckets. However, it's important to note that the 'public-read' ACL is incompatible with Block Public Access settings.
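The incompatibility described in the answer can be checked before any ACL call is made. The following is an added example, not part of the original question or answer: it reads the account-level and bucket-level Block Public Access flags for an existing bucket and reports how a public canned ACL would be treated. The function names are hypothetical; the clients are assumed to be boto3 `s3control` and `s3` clients supplied by the caller.

```python
# Added example: evaluate the effective S3 Block Public Access (BPA) state.
# Clients are passed in, so this works with boto3 clients or with test stubs.

BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def read_bpa(call, **kwargs):
    """Return the four BPA flags from a get_public_access_block call.

    A missing configuration (NoSuchPublicAccessBlockConfiguration) means
    no flag is set at that level.
    """
    try:
        cfg = call(**kwargs)["PublicAccessBlockConfiguration"]
    except Exception as exc:  # botocore's ClientError carries .response
        code = getattr(exc, "response", {}).get("Error", {}).get("Code")
        if code != "NoSuchPublicAccessBlockConfiguration":
            raise
        cfg = {}
    return {flag: bool(cfg.get(flag, False)) for flag in BPA_FLAGS}


def effective_bpa(s3control, account_id, s3, bucket):
    """Combine account and bucket settings; the most restrictive wins."""
    account = read_bpa(s3control.get_public_access_block, AccountId=account_id)
    per_bucket = read_bpa(s3.get_public_access_block, Bucket=bucket)
    return {f: account[f] or per_bucket[f] for f in BPA_FLAGS}


def public_acl_outcome(bpa):
    """How BPA treats a public canned ACL such as 'public-read'."""
    if bpa["BlockPublicAcls"]:
        return "rejected"     # the request fails, as in the question
    if bpa["IgnorePublicAcls"]:
        return "ignored"      # ACL is accepted but grants no public access
    return "not_blocked"      # BPA does not stop it: flag for review
```

A `not_blocked` result only means Block Public Access is not the control in the way; the bucket's Object Ownership setting can still disable ACLs entirely.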

Posted by huangapple on July 6, 2023, 21:17:24