user_client = Minio(
's3.amazonaws.com',
access_key='YOUR-ACCESSKEYID',
secret_key='YOUR-SECRETKEY',
)
_RESTRICTED_UPLOAD_POLICY = """{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucket/*"
],
"Sid": "Upload-access-to-specific-bucket-only"
}
]
}
"""
provider = AssumeRoleProvider(
lambda: user_client.get_assume_role_creds(_RESTRICTED_UPLOAD_POLICY), )
client = Minio(
's3.amazonaws.com',
credentials=Credentials(provider),
)
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucket/*"
],
"Sid": "Upload-access-to-specific-bucket-only"
}
]
}
"""
credentials_provider = AssumeRoleProvider(
get_assume_role_creds=lambda: client.get_assume_role_creds(
policy=_RESTRICTED_UPLOAD_POLICY))
temp_creds = Credentials(provider=credentials_provider)
# User can access the credentials for e.g. serialization
print("Retrieved temporary credentials:")
print(temp_creds.get().access_key)
print(temp_creds.get().secret_key)
# Initialize Minio client with the temporary credentials
restricted_client = Minio('s3.amazonaws.com', credentials=temp_creds)
# Get a full object.
data = restricted_client.get_object('my-bucket', 'my-object')
with open('/tmp/testfile', 'wb') as file_data:
for d in data.stream(32 * 1024):
