AWS: Boto3 Enable S3 Versioning/Lifecycle - Access denied

1
votes

I am trying to pass boto3 a list of bucket names and have it first enable versioning on each bucket, then enable a lifecycle policy on each.

I have done aws configure, and do have two profiles, both current, active user profiles with all necessary permissions. The one I want to use is named "default."

import boto3


# Create session
s3 = boto3.resource('s3')

# Bucket list
buckets = ['BUCKET-NAME']

# iterate through list of buckets
for bucket in buckets:
    # Enable Versioning
    bucketVersioning = s3.BucketVersioning('bucket')
    bucketVersioning.enable()

    # Current lifecycle configuration
    lifecycleConfig = s3.BucketLifecycle(bucket)
    lifecycleConfig.add_rule={
        'Rules': [
            {
                'Status': 'Enabled',
                'NoncurrentVersionTransition': {
                    'NoncurrentDays': 7,
                    'StorageClass': 'GLACIER'
                },
                'NoncurrentVersionExpiration': {
                    'NoncurrentDays': 30
                }
            }
        ]
    }


    # Configure Lifecycle
    bucket.configure_lifecycle(lifecycleConfig)


print "Versioning and lifecycle have been enabled for buckets."

When I run this I get the following error:

Traceback (most recent call last):
  File "putVersioning.py", line 27, in <module>
    bucketVersioning.enable()
  File "/usr/local/lib/python2.7/dist-packages/boto3/resources/factory.py", line 520, in do_action
    response = action(self, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/boto3/resources/action.py", line 83, in __call__
    response = getattr(parent.meta.client, operation_name)(**params)
  File "/home/user/.local/lib/python2.7/site-packages/botocore/client.py", line 253, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/user/.local/lib/python2.7/site-packages/botocore/client.py", line 557, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the PutBucketVersioning operation: Access Denied

My profiles has full privileges, so that shouldn't be a problem. Is there something else I need to do for passing credentials? Thanks everyone!

2
amazon-web-servicesamazon-s3boto3
Do you mean "role" or "user" when you write "profile"? Which privileges has "default" got? If it's a role, have you verified that you are running on a machine? If it's a user, have you verified that your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are valid and active?l0b0
Sorry, I didn't specify that. My profile is my "user" profile. It is valid and active, I can do everything through the aws cli.flyingcars34
Is this your actual code? Did you mean to use the bucket named 'bucket'?Joel Cornett
This is my actual code minus that. I changed the bucket name.flyingcars34

2 Answers

1
votes

To set the versioning state, you must be the bucket owner.

The above statement means - To use PutBucketVersioning operation to enable the versioning, you must be the owner of the bucket.

Use the below command to check the owner of the bucket. If you are the owner of the bucket, you should be able to set the versioning state as ENABLED / SUSPENDED.

aws s3api get-bucket-acl --bucket yourBucketName
0
votes

Ok, notionquest is correct; however, it appears I also goofed up in my code by quoting a variable:

bucketVersioning = s3.BucketVersioning('bucket')

should be

bucketVersioning = s3.BucketVersioning(bucket)