user14226172

S3 bucket policy using Boto3

I am working on a boto script to collect logs and store them in an S3 bucket. I am getting an error: "botocore.errorfactory.NoSuchBucket: An error occurred (NoSuchBucket) when calling the PutBucketPolicy operation: The specified bucket does not exist". I am creating the bucket beforehand and then trying to attach the policy to the bucket; the bucket shows up in the console as well. I don't understand what might be causing this problem.

import boto3
import sys
import json
import time 
iam = boto3.client('iam')
sts = boto3.client('sts')
ec2 = boto3.resource('ec2')
cloudtrail = boto3.client('cloudtrail')
s3  = boto3.client('s3')


s3.create_bucket(Bucket='goodbucket3')
# Create a bucket policy
bucket_name = 'goodbucket3'
bucket_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": "s3:GetBucketAcl",
            "Resource": f"arn:aws:s3:::{bucket_name}"
        },
        {
            "Effect": "Allow",
            "Principal": {"Service": "cloudtrail.amazonaws.com"},
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:DeleteObject"
            ],
            "Resource": f"arn:aws:s3:::{bucket_name}/AWSLogs/XXXXXXXX/*",
            "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}
        }
    ]
}

# Convert the policy from JSON dict to string
bucket_policy = json.dumps(bucket_policy)

# Set the new policy
s3.put_bucket_policy(Bucket='bucket_name', Policy=bucket_policy)
result = s3.get_bucket_policy(Bucket='bucket_name')

logs = cloudtrail.create_trail(
    Name='GoodTrail',
    S3BucketName='bucket_name',
)
print(logs)

Upvotes: 3

Views: 2048

Answers (1)

jarmod

Reputation: 78850

You may need to wait for the bucket creation to fully propagate. You can use a waiter to do this. See the low-level clients documentation or How to use waiters in boto3.

Using a client's get_waiter() method, you can obtain a specific waiter from its list of possible waiters:

# Retrieve waiter instance that will wait till a specified bucket exists
s3_bucket_exists_waiter = s3.get_waiter('bucket_exists')

Then to actually start waiting, you must call the waiter's wait() method with the method's appropriate parameters passed in:

# Begin waiting for the S3 bucket, mybucket, to exist
s3_bucket_exists_waiter.wait(Bucket='mybucket')

Upvotes: 4
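
An added example, not part of the question or the answer: it creates the bucket, waits on `bucket_exists` as the answer suggests, then attaches the policy through the `bucket_name` variable (the question's code passes the literal string 'bucket_name' to `put_bucket_policy`, which names a bucket that does not exist). The policy is narrowed to the two actions CloudTrail needs for log delivery; the account ID `111122223333` and the function names are assumptions.

```python
import json

ACCOUNT_ID = "111122223333"  # constructed placeholder account ID (assumption)


def cloudtrail_bucket_policy(bucket_name, account_id):
    """Least-privilege policy: CloudTrail reads the bucket ACL and writes log objects only."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket_name}",
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket_name}/AWSLogs/{account_id}/*",
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }


def create_log_bucket(s3, bucket_name, account_id):
    """Create the bucket, wait until it exists, attach the policy, return what S3 stored."""
    s3.create_bucket(Bucket=bucket_name)  # outside us-east-1, also pass CreateBucketConfiguration
    s3.get_waiter("bucket_exists").wait(Bucket=bucket_name)
    policy = json.dumps(cloudtrail_bucket_policy(bucket_name, account_id))
    # Pass the variable here, not the quoted string 'bucket_name'.
    s3.put_bucket_policy(Bucket=bucket_name, Policy=policy)
    return json.loads(s3.get_bucket_policy(Bucket=bucket_name)["Policy"])


if __name__ == "__main__":
    import boto3  # imported here so the functions above load without AWS credentials
    print(create_log_bucket(boto3.client("s3"), "goodbucket3", ACCOUNT_ID))
```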
