in social-media/create-aml-model.py [0:0]
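def check_bucket_policy(s3_key):
    """Check that the bucket policy grants the read access described by the template.

    Renders ``amlS3ReadPolicyTemplate.json`` for the given key, fetches the
    bucket's current policy, and passes both to
    ``determine_changed_bucket_policy``. If that helper returns a policy
    (anything other than ``None``), the current policy, the required access
    statement and the suggested policy are printed and the process exits.
    Nothing is written to the bucket: applying the suggested policy is left
    to the operator.

    Args:
        s3_key: S3 key object exposing ``name`` and ``bucket`` (the bucket in
            turn exposing ``name`` and ``get_policy()``).

    Raises:
        S3ResponseError: if fetching the policy fails for any reason other
            than the bucket having no policy.
        SystemExit: if the bucket policy needs to be changed.
    """
    # The template is opened relative to the current working directory.
    with open('amlS3ReadPolicyTemplate.json') as read_policy_template_file_handle:
        policy_template = read_policy_template_file_handle.read()

    # NOTE(review): bucket and key names are substituted verbatim into JSON
    # text. A key name containing '"' or '\' would produce a malformed or
    # structurally different policy document. The template is not visible
    # here; confirm where the placeholders sit and consider JSON-escaping the
    # values before substitution.
    target_bucket_policy = policy_template.format(bucketName=s3_key.bucket.name,
                                                  keyName=s3_key.name)

    print("Checking access policy on {0}".format(
        "s3://{0}/{1}".format(s3_key.bucket.name, s3_key.name)))

    # Fetch current bucket policy; an empty string stands for "no policy set".
    existing_bucket_policy = ''
    try:
        existing_bucket_policy = s3_key.bucket.get_policy()
    except S3ResponseError as e:
        # Prefer the machine-readable error code over the human-readable
        # message, which is brittle to match on. The message comparison is
        # kept so existing behaviour is unchanged.
        # NOTE(review): assumes boto's S3ResponseError, which carries
        # ``error_code``; getattr keeps this safe if it does not.
        policy_missing = (
            getattr(e, 'error_code', None) == 'NoSuchBucketPolicy'
            or e.message == 'The bucket policy does not exist'
        )
        if not policy_missing:
            # Unknown failure (for example access denied): surface it to the
            # user. Bare ``raise`` keeps the original traceback.
            raise

    updated_policy_json = determine_changed_bucket_policy(existing_bucket_policy,
                                                          target_bucket_policy)
    if updated_policy_json is None:
        # Presumably the existing policy already grants the required access.
        return

    # Log the existing bucket policy.
    print("Current bucket policy:\n{0}\n".format(pretty_print(existing_bucket_policy)))

    # Log a summary of the required resource access (first template statement).
    required_access = json.dumps(json.loads(target_bucket_policy)['Statement'][0])
    print("Required resource access:\n{0}\n".format(pretty_print(required_access)))

    # Log a suggested bucket policy that adds the required access to the
    # existing policy. Review it before applying: it is derived from the
    # current policy and the rendered template.
    print("Suggested bucket policy:\n{0}\n".format(pretty_print(updated_policy_json)))

    # Link to the documentation over HTTPS rather than plain HTTP.
    help_url_1 = "https://docs.aws.amazon.com/AmazonS3/latest/UG/EditingBucketPermissions.html"
    help_url_2 = "https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html"
    print("See {0} and {1} for details.".format(help_url_1, help_url_2))
    sys.exit("Please retry after setting appropriate policy on bucket {0}.".format(
        s3_key.bucket.name))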