python - 获取 ElastiCache 标签

Question

我正在尝试使用 Boto3 和 Python 获取 ElastiCache 标签。在boto3中，有一个函数叫做list_tags_for_resource()。但是，我面临的问题是，如何找到资源名称。我正在使用以下代码:

from boto3.session import Session

sess = Session(aws_access_key_id=id,aws_secret_access_key=key)
conn = sess.client(service_name='elasticache', region_name='us-east-1')
arn="arn:aws:elasticache:us-east-1:123456:cluster:name_of_cluster"
print conn.list_tags_for_resource(ResourceName=name)

这给出了以下错误:

botocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling the ListTagsForResource operation: Unauthorized call. Please check the region or customer id

Answer 1

如果您使用 ReadOnlyAccess 托管策略，您将无法列出 elasticache 的标签。确保您的用户在其策略中明确设置了 elasticache:ListTagsForResource。 Amazon 目前并未在其 ReadOnlyAccess 策略中包含该权限。允许查看 elasticache 标签的策略如下所示:

{
    "Version": "2015-06-26",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticache:ListTagsForResource"
            ],
            "Resource": "*"
        }
    ]
}

我认为这应该是 ReadOnlyAccess 政策的一部分，并向亚马逊开了一张票。这是他们的回应:

You raise a valid point regarding "elasticache:ListTagsForResource" not being included in the AWS supplied "ReadOnlyAccess" managed policy. We can't very well call it read only when it doesn't allow someone to list tags on a named resource in my opinion. Therefore, I have opened an internal ticket with the team who controls these managed policies; requesting that the API "elasticache:ListTagsForResource" be added to "ReadOnlyAccess".