Reputation: 789
I am trying to fetch ElastiCache tags using Boto3 and Python. In boto3, there is a function called list_tags_for_resource(). But the problem I am facing is how to find the resource name. I am using the following code:
from boto3.session import Session
sess = Session(aws_access_key_id=id,aws_secret_access_key=key)
conn = sess.client(service_name='elasticache', region_name='us-east-1')
arn="arn:aws:elasticache:us-east-1:123456:cluster:name_of_cluster"
print conn.list_tags_for_resource(ResourceName=name)
This is giving the following error:
botocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling the ListTagsForResource operation: Unauthorized call. Please check the region or customer id
Upvotes: 1
Views: 2075
Reputation: 13
Well, the script posted has some problems. You're passing the variable 'name', which isn't defined. I think you mean arn. Maybe there are other ways to do it, but I define region_name in the session rather than the client. Try something like this out.
import boto3

# id and key are the access key id and secret access key, as in the question
session = boto3.Session(region_name='us-east-1',aws_access_key_id=id,aws_secret_access_key=key)
client = session.client("elasticache")
arn = "arn:aws:elasticache:us-east-1:1234567889:cluster:rand57hzn577a78-0001-001"
client.list_tags_for_resource(ResourceName=arn)
Upvotes: 0
Reputation: 833
If you are using the ReadOnlyAccess managed policy, you will not be able to list tags for ElastiCache. Ensure that your user has elasticache:ListTagsForResource explicitly set in their policy. Amazon does not currently include that permission in their ReadOnlyAccess policy. A policy that allows viewing ElastiCache tags would look like:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticache:ListTagsForResource"
            ],
            "Resource": "*"
        }
    ]
}
I believe this should be part of the ReadOnlyAccess policy, and opened a ticket with Amazon. This was their response:
You raise a valid point regarding "elasticache:ListTagsForResource" not being included in the AWS supplied "ReadOnlyAccess" managed policy. We can't very well call it read only when it doesn't allow someone to list tags on a named resource in my opinion. Therefore, I have opened an internal ticket with the team who controls these managed policies; requesting that the API "elasticache:ListTagsForResource" be added to "ReadOnlyAccess".
Upvotes: 4
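An offline pre-flight check covering the two causes raised in the answers above: a malformed or wrong-region ARN, and a policy that lacks elasticache:ListTagsForResource. This is an added example, not code from any of the posters; the function names and both sample policies are constructed for illustration, and the policy check is simplified (Effect and Action only, ignoring Resource, Condition and NotAction).

```python
import re

def check_cluster_arn(arn, client_region):
    """Return a list of problems with an ElastiCache cluster ARN (empty if none)."""
    parts = arn.split(":", 6)
    if len(parts) != 7 or parts[0] != "arn":
        return ["expected arn:partition:elasticache:region:account:cluster:name"]
    _, _, service, region, account, rtype, name = parts
    problems = []
    if service != "elasticache":
        problems.append("service is %r, expected 'elasticache'" % service)
    if region != client_region:
        problems.append("ARN region %r != client region %r" % (region, client_region))
    if not re.fullmatch(r"\d{12}", account):
        problems.append("account id %r is not 12 digits" % account)
    if rtype != "cluster" or not name:
        problems.append("resource part must be cluster:<cluster id>")
    return problems

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _matches(pattern, action):
    # IAM action patterns allow '*' and '?' wildcards and are case-insensitive.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def policy_allows(policy, action):
    """Simplified evaluation of one policy document: explicit Deny wins."""
    allowed = False
    for st in _as_list_of_statements(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(st.get("Action", []))):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def _as_list_of_statements(statement):
    return [statement] if isinstance(statement, dict) else statement

NEEDED = "elasticache:ListTagsForResource"
# Constructed sample policies (not the contents of any AWS managed policy).
DESCRIBE_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "elasticache:Describe*", "Resource": "*"}]}
WITH_TAGS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["elasticache:Describe*", "elasticache:ListTagsForResource"]}]}

if __name__ == "__main__":
    arn = "arn:aws:elasticache:us-east-1:123456:cluster:name_of_cluster"
    print(check_cluster_arn(arn, "us-east-1"))
    print(policy_allows(DESCRIBE_ONLY, NEEDED), policy_allows(WITH_TAGS, NEEDED))
```
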