def get_bucket_policy_statement(cuid):
    """Return the customer statement for *cuid* from the configured bucket's policy.

    The bucket is taken from the ``bucketName`` environment variable and the
    statement id from
    ``PolicyHelperBucketLevel.get_customer_bucket_policy_statementId``.

    Returns:
        The selected statement object, or ``None`` when the bucket has no
        policy at all (``NoSuchBucketPolicy``).

    Raises:
        ClientError: any S3 error other than ``NoSuchBucketPolicy``.
        KeyError: if ``bucketName`` is not set in the environment.
    """
    try:
        policy = BucketPolicy(
            serviceModule=boto3.client('s3'),
            resourceIdentifer=os.environ['bucketName'])
        statement_id = PolicyHelperBucketLevel.get_customer_bucket_policy_statementId(cuid)
        return policy.select_statement(statement_id)
    except ClientError as err:
        # Only "no policy on this bucket" is treated as "no statement";
        # everything else (access denied, missing bucket, ...) propagates.
        if err.response['Error']['Code'] != "NoSuchBucketPolicy":
            raise
        return None
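def bucket_policy(service_role, bucket_name, sub_account):
    """Add *service_role* to the ``CrossAccountAccess`` statement of *bucket_name*.

    A session for *sub_account* is obtained through ``getsession``; the bucket
    policy is loaded through that session, *service_role* is appended to the
    statement's ``Principal['AWS']`` list (a single-principal statement holds a
    bare string and is converted to a list first) and the policy is written
    back. When the role is already listed nothing is written.

    Only the resolved account id and the bucket name are echoed to stdout; the
    policy document itself (every trusted principal) is not dumped.

    Args:
        service_role: principal ARN to grant access to.
        bucket_name: bucket whose policy is modified.
        sub_account: account id passed to ``getsession`` as ``{"Id": ...}``.
    """
    sess = getsession({"Id": sub_account})
    s3_client = sess.client('s3')
    stsclient = sess.client('sts')
    # Single-argument print() is valid under both Python 2 and 3.
    print("Using account: %s" % stsclient.get_caller_identity().get('Account'))
    print("bucket name " + bucket_name)

    bucket_policy = BucketPolicy(serviceModule=s3_client,
                                 resourceIdentifer=bucket_name)
    statement_to_modify = bucket_policy.select_statement("CrossAccountAccess")

    principals = statement_to_modify.Principal['AWS']
    if not isinstance(principals, list):
        principals = [principals]
    if service_role in principals:
        # Already trusted: avoid writing a duplicate principal entry.
        return
    principals.append(service_role)
    statement_to_modify.Principal['AWS'] = principals

    # Persist the statement, then the whole policy (updates the bucket).
    statement_to_modify.save()
    statement_to_modify.source_policy.save()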
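def bucket_policy(service_role, bucket_name):
    """Add *service_role* to the ``CrossAccountAccess`` statement of *bucket_name*.

    Loads the bucket policy, appends *service_role* to the statement's
    ``Principal['AWS']`` list and writes the policy back. A statement with a
    single principal holds a bare string rather than a list, so it is converted
    to a list first; a role that is already listed is not appended again
    (repeated calls previously produced duplicate entries).

    Args:
        service_role: principal ARN to grant access to.
        bucket_name: bucket whose policy is modified.
    """
    s3_client = boto3.client('s3')
    bucket_policy = BucketPolicy(serviceModule=s3_client,
                                 resourceIdentifer=bucket_name)
    statement_to_modify = bucket_policy.select_statement("CrossAccountAccess")

    principals = statement_to_modify.Principal['AWS']
    if not isinstance(principals, list):
        principals = [principals]
    # Single-argument print() is valid under both Python 2 and 3.
    if service_role in principals:
        print(str(principals))
        return
    principals.append(service_role)
    statement_to_modify.Principal['AWS'] = principals
    print(str(principals))

    # Persist the statement, then the whole policy (updates the bucket).
    statement_to_modify.save()
    statement_to_modify.source_policy.save()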
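def whitelist_customer_accountId(accountId):
    """Add *accountId* to the ``WhiteListedCustomersAccountIds`` statement.

    Loads the policy of the bucket named by the ``bucketName`` environment
    variable, appends *accountId* to that statement's ``Principal['AWS']``
    and writes the policy back. Nothing is written when
    ``is_accountId_already_exists`` reports the id is already present.

    Args:
        accountId: AWS account id to whitelist; must be non-empty.

    Raises:
        ValueError: if *accountId* is empty (an empty principal would
            otherwise be written into the bucket policy).
        KeyError: if ``bucketName`` is not set in the environment.
    """
    if not accountId:
        raise ValueError("accountId must be a non-empty account id")

    s3_client = boto3.client('s3')
    bucket_policy = BucketPolicy(serviceModule=s3_client,
                                 resourceIdentifer=os.environ['bucketName'])
    statement_to_modify = bucket_policy.select_statement(
        'WhiteListedCustomersAccountIds')

    if is_accountId_already_exists(statement_to_modify, accountId):
        return

    principals = statement_to_modify.Principal['AWS']
    # A single-principal statement holds a bare string rather than a list.
    # Testing for list (instead of `type(...) is str`) also covers a
    # `unicode` value under Python 2.
    if not isinstance(principals, list):
        principals = [principals]
    principals.append(accountId)
    statement_to_modify.Principal['AWS'] = principals

    # Persist the statement, then the whole policy (updates the bucket).
    statement_to_modify.save()
    statement_to_modify.source_policy.save()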
encoding='utf8') output = process.communicate()[0].split('\n') # creating a list of the recently discovered ip addresses ip_arr = [] for data in output: if 'Address' in data: ip_arr.append(data.replace('Address: ', '')) ip_arr.pop(0) # seting up connection to s3 bucket s3_client = boto3.client('s3') bucket_name = 'bucket-name' # Load the bucket policy as an object bucket_policy = BucketPolicy(serviceModule=s3_client, resourceIdentifer=bucket_name) # Select the statement that will be modified statement_to_modify = bucket_policy.select_statement('IPAllow') # Insert the ods-ongage ip addresses to s3 bucket ip_address = ip_arr statement_to_modify.Condition['IpAddress']['aws:SourceIp'] = ip_address # Save change of the statement statement_to_modify.save() # Save change of the policy. This will update the bucket policy statement_to_modify.source_policy.save() # Or bucket_policy.save()