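# Client authenticated with the long-lived user keys. It is used here only to
# request temporary credentials. The key values are placeholders; real keys
# belong in the environment or a secrets store, not in source control.
user_client = Minio(
    's3.amazonaws.com',
    access_key='YOUR-ACCESSKEYID',
    secret_key='YOUR-SECRETKEY',
)

# Policy handed to get_assume_role_creds() for the temporary credentials.
# The original statement allowed "s3:*", which also covers reading and
# deleting every object under my-bucket/ and contradicts both the Sid and the
# constant's name. It is narrowed to the upload action so that leaked
# temporary credentials cannot be used to read or remove data.
# NOTE(review): add further object-level actions (for example
# "s3:AbortMultipartUpload") only if the upload path really needs them.
_RESTRICTED_UPLOAD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::my-bucket/*"
      ],
      "Sid": "Upload-access-to-specific-bucket-only"
    }
  ]
}
"""

# The provider receives a callable rather than a credential value, so the
# assume-role request is made when the callable is invoked, not here.
# NOTE(review): presumably AssumeRoleProvider calls it again on expiry;
# confirm against its implementation.
provider = AssumeRoleProvider(
    lambda: user_client.get_assume_role_creds(_RESTRICTED_UPLOAD_POLICY),
)

# Client that operates only with the policy-restricted temporary credentials;
# hand this one, not user_client, to code that performs uploads.
client = Minio(
    's3.amazonaws.com',
    credentials=Credentials(provider),
)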
{ "Action": [ "s3:*" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::my-bucket/*" ], "Sid": "Upload-access-to-specific-bucket-only" } ] } """ credentials_provider = AssumeRoleProvider( get_assume_role_creds=lambda: client.get_assume_role_creds( policy=_RESTRICTED_UPLOAD_POLICY)) temp_creds = Credentials(provider=credentials_provider) # User can access the credentials for e.g. serialization print("Retrieved temporary credentials:") print(temp_creds.get().access_key) print(temp_creds.get().secret_key) # Initialize Minio client with the temporary credentials restricted_client = Minio('s3.amazonaws.com', credentials=temp_creds) # Get a full object. data = restricted_client.get_object('my-bucket', 'my-object') with open('/tmp/testfile', 'wb') as file_data: for d in data.stream(32 * 1024):