Is it possible to use AWS_S3 with ACLs disabled?
I have an S3 Bucket that I am attempting to automate uploads to. When I run the playbook, I am getting the following error:
FAILED! => {"boto3_version": "1.22.0", "botocore_version": "1.25.0", "changed": false,
"error": {"code": "AccessControlListNotSupported", "message": "The bucket does not allow
ACLs"}, "msg": "Unable to set object ACL: An error occurred
AWS recommends disabling ACLs, and I am able to use the aws cli just fine with:
aws s3 cp <file name> s3://mybucket/<file name>
My playbook:
- name: Upload logical backup to s3
  aws_s3:
    bucket: "{{ AWS_S3_BACKUP_BUCKET }}"
    aws_access_key: "{{ AWS_S3_BACKUP_ACCESS_KEY_ID }}"
    aws_secret_key: "{{ AWS_S3_BACKUP_SECRET_KEY }}"
    mode: put
    object: logical_db_backups/dump_01.sql.zst
    src: /path/to/my/backup/file
If I enable ACLs, the playbook works. However, I would really prefer to use the one user that is given permissions to access the bucket.
I read the Ansible documentation on the aws_s3 module, and it mentioned nothing about ACLs.
Does anyone know of a way to use this module without ACLs? If not, I'm just going back to regular bash and cron jobs.
Version of Ansible: ansible 2.9.6
Specify permission as null
Ref: https://www.watchmydc.com/ansible-aws/
Root issue:
AWS added the option recently (late Nov 2021) to disable Object ACLs, and they confused a lot of people by making it the default/suggested setting even though many client apps are not equipped for this.
Ansible's problem:
The problem is that many clients (like Ansible, and various SDKs) are not equipped to handle this new feature yet.
ACLs are mentioned in the "permission" section of the documentation, and you're right, it makes no mention of "ACL" (don't ask me why!): https://docs.ansible.com/ansible/2.9/modules/aws_s3_module.html#parameter-permission
Currently, according to Ansible docs, the ACL "permission" param defaults to private and there is no way to tell it to omit the ACL setting.
Workaround:
What I've been doing is keeping buckets in "legacy mode" (aka with ACLs enabled) so that all my client utilities continue to work with the buckets as they always have. See screenshot attached.
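To make the failure mode in this answer concrete, here is an added, offline model (not code from the question, the answer, or the Ansible project) of the call sequence as I read the aws_s3 `put` flow: a plain upload followed by one PutObjectAcl per entry in `permission`. `FakeS3` is a constructed stand-in for the S3 client, and whether your module version accepts an empty `permission` list to skip the ACL call is an assumption to confirm against its source.

```python
"""Constructed model: the S3 PUT itself succeeds; the separate PutObjectAcl
that follows is what a bucket with ACLs disabled (BucketOwnerEnforced) rejects."""


class AclNotSupported(Exception):
    """Stands in for botocore's ClientError with code AccessControlListNotSupported."""
    code = "AccessControlListNotSupported"


class FakeS3:
    """Minimal stand-in for an S3 client. `ownership` mirrors the bucket's
    Object Ownership setting; BucketOwnerEnforced means ACLs are disabled."""

    def __init__(self, ownership):
        self.ownership = ownership
        self.objects = {}   # key -> body
        self.acls = {}      # key -> canned ACL applied

    def upload_file(self, key, body):
        self.objects[key] = body          # a plain PUT never touches ACLs

    def put_object_acl(self, key, acl):
        if self.ownership == "BucketOwnerEnforced":
            raise AclNotSupported("The bucket does not allow ACLs")
        self.acls[key] = acl


def module_style_put(s3, key, body, permission=("private",)):
    """Mimics the aws_s3 'put' flow (assumption: upload, then one ACL call per
    permission entry, default 'private'). Returns (ok, msg)."""
    s3.upload_file(key, body)             # the object lands before any ACL work
    try:
        for acl in permission:            # an empty list makes no ACL call at all
            s3.put_object_acl(key, acl)
    except AclNotSupported as e:
        return False, f"Unable to set object ACL: {e}"
    return True, "ok"


def cli_style_cp(s3, key, body):
    """`aws s3 cp` without --acl sends no ACL, so it works in either bucket mode."""
    s3.upload_file(key, body)
    return True, "ok"
```

Note that in this model the backup object is already in the bucket when the task reports failure, so a retry loop around the task would re-upload the same file rather than finish a half-done step.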