AWS 文档 SDK 示例
使用 AWS SDK 回滚 IAM policy 版本
以下代码示例展示了如何:
获取按日期顺序排序的策略版本列表。
查找默认策略版本。
将以前的策略版本设为默认版本。
删除旧的默认版本。
- Python
-
- 适用于 Python 的 SDK (Boto3)
-
注意
查看 GitHub,了解更多信息。在 AWS 代码示例存储库
中查找完整示例,了解如何进行设置和运行。 def rollback_policy_version(policy_arn): """ Rolls back to the previous default policy, if it exists. 1. Gets the list of policy versions in order by date. 2. Finds the default. 3. Makes the previous policy the default. 4. Deletes the old default version. :param policy_arn: The ARN of the policy to roll back. :return: The default version of the policy after the rollback. """ try: policy_versions = sorted( iam.Policy(policy_arn).versions.all(), key=operator.attrgetter("create_date"), ) logger.info("Got %s versions for %s.", len(policy_versions), policy_arn) except ClientError: logger.exception("Couldn't get versions for %s.", policy_arn) raise default_version = None rollback_version = None try: while default_version is None: ver = policy_versions.pop() if ver.is_default_version: default_version = ver rollback_version = policy_versions.pop() rollback_version.set_as_default() logger.info("Set %s as the default version.", rollback_version.version_id) default_version.delete() logger.info("Deleted original default version %s.", default_version.version_id) except IndexError: if default_version is None: logger.warning("No default version found for %s.", policy_arn) elif rollback_version is None: logger.warning( "Default version %s found for %s, but no previous version exists, so " "nothing to roll back to.", default_version.version_id, policy_arn, ) except ClientError: logger.exception("Couldn't roll back version for %s.", policy_arn) raise else: return rollback_version-
有关 API 详细信息,请参阅《AWS SDK for Python (Boto3) API Reference》中的以下主题。
-
管理您的账户
设置基于属性的访问控制