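Enabling S3 Object Lock using S3 Batch Operations
You can use Amazon S3 Batch Operations with S3 Object Lock to manage retention or enable a legal hold for many Amazon S3 objects at once. You specify the list of target objects in your manifest and submit it to Batch Operations for completion. For more information, see S3 Object Lock retention and S3 Object Lock legal hold.
The following examples show how to create an AWS Identity and Access Management (IAM) role with S3 Batch Operations permissions, and update the role permissions to create jobs that enable Object Lock. You must also have a CSV manifest that identifies the objects for your S3 Batch Operations job. For more information, see Specifying a manifest.
To use the following examples, replace the user input placeholders with your own information.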
- Create an IAM role and assign S3 Batch Operations permissions to run. This step is required for all S3 Batch Operations jobs.

```
export AWS_PROFILE='aws-user'

# Trust policy: only the S3 Batch Operations service may assume the role.
read -d '' batch_operations_trust_policy <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "batchoperations.s3.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

aws iam create-role --role-name batch_operations-objectlock \
    --assume-role-policy-document "${batch_operations_trust_policy}"
```

- Set up S3 Batch Operations with S3 Object Lock to run. In this step, you allow the role to do the following:
  - Run Object Lock on the S3 bucket that contains the target objects that you want Batch Operations to run on.
  - Read the S3 bucket where the manifest CSV file and the objects are located.
  - Write the results of the S3 Batch Operations job to the reporting bucket.

```
# Permissions policy attached inline to the role created in the previous step.
read -d '' batch_operations_permissions <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetBucketObjectLockConfiguration",
      "Resource": [
        "arn:aws:s3:::{{amzn-s3-demo-manifest-bucket}}"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::{{amzn-s3-demo-manifest-bucket}}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetBucketLocation"
      ],
      "Resource": [
        "arn:aws:s3:::{{amzn-s3-demo-completion-report-bucket}}/*"
      ]
    }
  ]
}
EOF

aws iam put-role-policy --role-name batch_operations-objectlock \
    --policy-name object-lock-permissions \
    --policy-document "${batch_operations_permissions}"
```
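The following example shows how to create an IAM role with S3 Batch Operations permissions, and update the role permissions to create jobs that enable Object Lock, by using the AWS SDK for Java. You must also have a CSV manifest that identifies the objects for your S3 Batch Operations job. For more information, see Specifying a manifest.
Perform the following steps:
- Create an IAM role and assign S3 Batch Operations permissions to run. This step is required for all S3 Batch Operations jobs.
- Set up S3 Batch Operations with S3 Object Lock to run. You allow the role to do the following:
  - Run Object Lock on the S3 bucket that contains the target objects that you want Batch Operations to run on.
  - Read the S3 bucket where the manifest CSV file and the objects are located.
  - Write the results of the S3 Batch Operations job to the reporting bucket.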
```
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.CreateRoleRequest;
import com.amazonaws.services.identitymanagement.model.CreateRoleResult;
import com.amazonaws.services.identitymanagement.model.PutRolePolicyRequest;
import com.amazonaws.services.identitymanagement.model.PutRolePolicyResult;

public void createObjectLockRole() {
    final String roleName = "batch_operations-object-lock";

    // Trust policy: only the S3 Batch Operations service may assume the role.
    final String trustPolicy = "{" +
            "  \"Version\": \"2012-10-17\", " +
            "  \"Statement\": [ " +
            "    { " +
            "      \"Effect\": \"Allow\", " +
            "      \"Principal\": { " +
            "        \"Service\": [" +
            "          \"batchoperations.s3.amazonaws.com\"" +
            "        ]" +
            "      }, " +
            "      \"Action\": \"sts:AssumeRole\" " +
            "    } " +
            "  ]" +
            "}";

    // Permissions policy: read the manifest bucket, write the completion report.
    final String bopsPermissions = "{" +
            "  \"Version\": \"2012-10-17\"," +
            "  \"Statement\": [" +
            "    {" +
            "      \"Effect\": \"Allow\"," +
            "      \"Action\": \"s3:GetBucketObjectLockConfiguration\"," +
            "      \"Resource\": [" +
            "        \"arn:aws:s3:::amzn-s3-demo-manifest-bucket\"" +
            "      ]" +
            "    }," +
            "    {" +
            "      \"Effect\": \"Allow\"," +
            "      \"Action\": [" +
            "        \"s3:GetObject\"," +
            "        \"s3:GetObjectVersion\"," +
            "        \"s3:GetBucketLocation\"" +
            "      ]," +
            "      \"Resource\": [" +
            "        \"arn:aws:s3:::amzn-s3-demo-manifest-bucket/*\"" +
            "      ]" +
            "    }," +
            "    {" +
            "      \"Effect\": \"Allow\"," +
            "      \"Action\": [" +
            "        \"s3:PutObject\"," +
            "        \"s3:GetBucketLocation\"" +
            "      ]," +
            "      \"Resource\": [" +
            "        \"arn:aws:s3:::amzn-s3-demo-completion-report-bucket/*\"" +
            "      ]" +
            "    }" +
            "  ]" +
            "}";

    final AmazonIdentityManagement iam =
            AmazonIdentityManagementClientBuilder.defaultClient();

    // The assume-role (trust) document must be the trust policy,
    // not the permissions policy.
    final CreateRoleRequest createRoleRequest = new CreateRoleRequest()
            .withAssumeRolePolicyDocument(trustPolicy)
            .withRoleName(roleName);

    final CreateRoleResult createRoleResult = iam.createRole(createRoleRequest);

    // Attach the permissions policy to the role as an inline policy.
    final PutRolePolicyRequest putRolePolicyRequest = new PutRolePolicyRequest()
            .withPolicyDocument(bopsPermissions)
            .withPolicyName("batch_operations-permissions")
            .withRoleName(roleName);

    final PutRolePolicyResult putRolePolicyResult = iam.putRolePolicy(putRolePolicyRequest);
}
```
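The trust policy and the permissions policy used in both procedures can be checked offline before they are sent to IAM. The following Python check is an added example, not part of the original AWS documentation: its function names and rules are assumptions for illustration, and the embedded documents are constructed copies of the policies on this page. It confirms that the document supplied as the trust policy really names only the S3 Batch Operations service principal, and that the permissions policy has no wildcard actions or resources outside the expected buckets.

```python
import json

SERVICE = "batchoperations.s3.amazonaws.com"
BUCKETS = {"amzn-s3-demo-manifest-bucket", "amzn-s3-demo-completion-report-bucket"}

# Constructed copies of the two policy documents shown on this page.
TRUST = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": [SERVICE]},
     "Action": "sts:AssumeRole"}]})
PERMISSIONS = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetBucketObjectLockConfiguration",
     "Resource": ["arn:aws:s3:::amzn-s3-demo-manifest-bucket"]},
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::amzn-s3-demo-manifest-bucket/*"]},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::amzn-s3-demo-completion-report-bucket/*"]}]})

def as_list(value):
    """IAM allows a single string where a list is expected; normalise it."""
    return value if isinstance(value, list) else [value]

def check_trust_policy(doc):
    """Return problems in a role trust policy; an empty list means it passed."""
    problems = []
    for st in as_list(json.loads(doc)["Statement"]):
        principal = st.get("Principal")
        if not isinstance(principal, dict):
            problems.append("Principal missing or not a map: not a trust policy")
            continue
        if set(principal) != {"Service"} or as_list(principal["Service"]) != [SERVICE]:
            problems.append(f"unexpected principal: {principal}")
        if as_list(st.get("Action")) != ["sts:AssumeRole"]:
            problems.append(f"unexpected action: {st.get('Action')}")
    return problems

def check_permissions_policy(doc, allowed_buckets):
    """Flag wildcard actions and resources outside the expected buckets."""
    problems = []
    for st in as_list(json.loads(doc)["Statement"]):
        for action in as_list(st.get("Action", [])):
            if "*" in action:
                problems.append(f"wildcard action: {action}")
        for arn in as_list(st.get("Resource", [])):
            bucket = arn.split(":::", 1)[-1].split("/", 1)[0]
            if bucket not in allowed_buckets:
                problems.append(f"resource outside expected buckets: {arn}")
    return problems

if __name__ == "__main__":
    print(check_trust_policy(TRUST), check_trust_policy(PERMISSIONS))
    print(check_permissions_policy(PERMISSIONS, BUCKETS))
```

Passing the permissions document to `check_trust_policy` returns one problem per statement, which catches a permissions policy supplied by mistake as the assume-role document.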