本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
附加项目策略 (SDK)
可以通过调用 PutProjectpolicy 操作将项目策略附加到 Amazon Rekognition Custom Labels 项目。
附加多个项目策略到一个项目时,请对要添加的每个项目策略调用 PutProjectPolicy。最多可以附加五个项目策略到一个项目。如果需要附加更多项目策略,可以请求提高限制。
首次附加唯一的项目策略到项目时,请不要在 PolicyRevisionId 输入参数中指定修订版 ID。PutProjectPolicy 的响应是 Amazon Rekognition Custom Labels 为您创建的项目策略的修订版 ID。您可以使用该修订版 ID 来更新或删除项目策略的最新修订版。Amazon Rekognition Custom Labels 仅保留项目策略的最新修订版。如果尝试更新或删除项目策略的上一个修订版,会发生 InvalidPolicyRevisionIdException 错误。
要更新现有项目策略,请在 PolicyRevisionId 输入参数中指定项目策略的修订版 ID。可通过调用 ListProjectPolicies 来获取项目中项目策略的修订版 ID。
附加项目策略到源项目后,就可以将模型从源项目复制到目标项目。有关更多信息,请参阅复制模型 (SDK)。
要从项目中移除项目策略,请调用 DeleteProjectPolicy。要获取附加到项目的项目策略列表,请调用 ListProjectPolicies。
附加项目策略到项目 (SDK)
-
安装并配置 AWS CLI 和 AWS SDK(如果尚未如此)。有关更多信息,请参阅步骤 4:设置 AWS CLI 和 AWS 软件开发工具包。
-
使用以下代码将项目策略附加到包含要复制的模型版本的信任的 AWS 账户中的项目。要获取项目 ARN,请调用 DescribeProjects。要获取模型版本 ARN,请调用 DescribeProjectVersions。
- AWS CLI
-
更改以下值:
-
将
project-arn更改为包含要复制的模型版本的信任的 AWS 账户中的源项目的 ARN。 -
将
policy-name更改为您选择的策略名称。 -
将
principal更改为要允许或拒绝其对您在Model version ARN中指定的模型版本进行访问的主体。 -
将
project-version-arn更改为要复制的模型版本的 ARN。
如果要更新现有项目策略,请指定
policy-revision-id参数并提供所需项目策略的修订版 ID。aws rekognition put-project-policy \ --project-arnproject-arn\ --policy-namepolicy-name\ --policy-document '{ "Version":"2012-10-17", "Statement":[{ "Effect":"ALLOW or DENY", "Principal":{ "AWS":"principal" }, "Action":"rekognition:CopyProjectVersion", "Resource":"project-version-arn" }]}' \ --profile custom-labels-access -
- Python
-
使用以下代码。提供以下命令行参数:
-
project_arn:要将项目策略附加到的源项目的 ARN。 -
policy_name:您选择的策略名称。 -
project_policy:包含项目策略文档的文件。 -
policy_revision_id–(可选)。如果要更新项目策略的现有修订版,请指定项目策略的修订版 ID。
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 """ Purpose Amazon Rekognition Custom Labels model example used in the service documentation: https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/md-copy-model-sdk.html Shows how to attach a project policy to an Amazon Rekognition Custom Labels project. """ import boto3 import argparse import logging import json from botocore.exceptions import ClientError logger = logging.getLogger(__name__) def put_project_policy(rek_client, project_arn, policy_name, policy_document_file, policy_revision_id=None): """ Attaches a project policy to an Amazon Rekognition Custom Labels project. :param rek_client: The Amazon Rekognition Custom Labels Boto3 client. :param policy_name: A name for the project policy. :param project_arn: The Amazon Resource Name (ARN) of the source project that you want to attach the project policy to. :param policy_document_file: The JSON project policy document to attach to the source project. :param policy_revision_id: (Optional) The revision of an existing policy to update. Pass None to attach new policy. :return The revision ID for the project policy. """ try: policy_document_json = "" response = None with open(policy_document_file, 'r') as policy_document: policy_document_json = json.dumps(json.load(policy_document)) logger.info( "Attaching %s project_policy to project %s.", policy_name, project_arn) if policy_revision_id is None: response = rek_client.put_project_policy(ProjectArn=project_arn, PolicyName=policy_name, PolicyDocument=policy_document_json) else: response = rek_client.put_project_policy(ProjectArn=project_arn, PolicyName=policy_name, PolicyDocument=policy_document_json, PolicyRevisionId=policy_revision_id) new_revision_id = response['PolicyRevisionId'] logger.info( "Finished creating project policy %s. Revision ID: %s", policy_name, new_revision_id) return new_revision_id except ClientError as err: logger.exception( "Couldn't attach %s project policy to project %s: %s }", policy_name, project_arn, err.response['Error']['Message'] ) raise def add_arguments(parser): """ Adds command line arguments to the parser. :param parser: The command line parser. """ parser.add_argument( "project_arn", help="The Amazon Resource Name (ARN) of the project " "that you want to attach the project policy to." ) parser.add_argument( "policy_name", help="A name for the project policy." ) parser.add_argument( "project_policy", help="The file containing the project policy JSON" ) parser.add_argument( "--policy_revision_id", help="The revision of an existing policy to update. " "If you don't supply a value, a new project policy is created.", required=False ) def main(): logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s") try: # get command line arguments parser = argparse.ArgumentParser(usage=argparse.SUPPRESS) add_arguments(parser) args = parser.parse_args() print(f"Attaching policy to {args.project_arn}") session = boto3.Session(profile_name='custom-labels-access') rekognition_client = session.client("rekognition") # Attach a new policy or update an existing policy. response = put_project_policy(rekognition_client, args.project_arn, args.policy_name, args.project_policy, args.policy_revision_id) print( f"project policy {args.policy_name} attached to project {args.project_arn}") print(f"Revision ID: {response}") except ClientError as err: print("Problem attaching project policy: %s", err) if __name__ == "__main__": main() -
- Java V2
-
使用以下代码。提供以下命令行参数:
-
project_arn:要将项目策略附加到的源项目的 ARN。 -
project_policy_name:您选择的策略名称。 -
project_policy_document:包含项目策略文档的文件。 -
project_policy_revision_id–(可选)。如果要更新项目策略的现有修订版,请指定项目策略的修订版 ID。
/* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 */ package com.example.rekognition; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.util.logging.Level; import java.util.logging.Logger; import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.rekognition.RekognitionClient; import software.amazon.awssdk.services.rekognition.model.PutProjectPolicyRequest; import software.amazon.awssdk.services.rekognition.model.RekognitionException; public class PutProjectPolicy { public static final Logger logger = Logger.getLogger(PutProjectPolicy.class.getName()); public static void putMyProjectPolicy(RekognitionClient rekClient, String projectArn, String projectPolicyName, String projectPolicyFileName, String projectPolicyRevisionId) throws IOException { try { Path filePath = Path.of(projectPolicyFileName); String policyDocument = Files.readString(filePath); String[] logArguments = new String[] { projectPolicyFileName, projectPolicyName }; PutProjectPolicyRequest putProjectPolicyRequest = null; logger.log(Level.INFO, "Attaching Project policy: {0} to project: {1}", logArguments); // Attach the project policy. if (projectPolicyRevisionId == null) { putProjectPolicyRequest = PutProjectPolicyRequest.builder().projectArn(projectArn) .policyName(projectPolicyName).policyDocument(policyDocument).build(); } else { putProjectPolicyRequest = PutProjectPolicyRequest.builder().projectArn(projectArn) .policyName(projectPolicyName).policyRevisionId(projectPolicyRevisionId) .policyDocument(policyDocument) .build(); } rekClient.putProjectPolicy(putProjectPolicyRequest); logger.log(Level.INFO, "Attached Project policy: {0} to project: {1}", logArguments); } catch ( RekognitionException e) { logger.log(Level.SEVERE, "Client error occurred: {0}", e.getMessage()); throw e; } } public static void main(String args[]) { final String USAGE = "\n" + "Usage: " + "<project_arn> <project_policy_name> <policy_document> <project_policy_revision_id>\n\n" + "Where:\n" + " project_arn - The ARN of the project that you want to attach the project policy to.\n\n" + " project_policy_name - A name for the project policy.\n\n" + " project_policy_document - The file name of the project policy.\n\n" + " project_policy_revision_id - (Optional) The revision ID of the project policy that you want to update.\n\n"; if (args.length < 3 || args.length > 4) { System.out.println(USAGE); System.exit(1); } String projectArn = args[0]; String projectPolicyName = args[1]; String projectPolicyDocument = args[2]; String projectPolicyRevisionId = null; if (args.length == 4) { projectPolicyRevisionId = args[3]; } try { RekognitionClient rekClient = RekognitionClient.builder() .credentialsProvider(ProfileCredentialsProvider.create("custom-labels-access")) .region(Region.US_WEST_2) .build(); // Attach the project policy. putMyProjectPolicy(rekClient, projectArn, projectPolicyName, projectPolicyDocument, projectPolicyRevisionId); System.out.println( String.format("project policy %s: attached to project: %s", projectPolicyName, projectArn)); rekClient.close(); } catch (RekognitionException rekError) { logger.log(Level.SEVERE, "Rekognition client error: {0}", rekError.getMessage()); System.exit(1); } catch (IOException intError) { logger.log(Level.SEVERE, "Exception while reading policy document: {0}", intError.getMessage()); System.exit(1); } } } -
-
按照复制模型 (SDK)中的说明复制模型版本。
创建项目策略文档
复制模型 (SDK)