github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/scripts/s3/put-bucket-policy.sh (about)

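#!/bin/bash
#
# Attaches a bucket policy that allows the S3 service principal
# (s3.amazonaws.com) to PUT objects into the given bucket, so that generated
# inventory files can be saved there.
#
# Usage: ./put-bucket-policy -b BUCKET_NAME
#
# Inputs:
#   -b BUCKET_NAME   bucket to apply the policy to; when -b is absent, a BUCKET
#                    value inherited from the environment is used
#
# Side effects:
#   - writes the generated policy to ${POLICY_JSON} in the current directory
#     (the file is left in place so the applied policy can be inspected)
#   - calls `aws s3api put-bucket-policy`, which replaces whatever policy is
#     already attached to the bucket; it does not merge statements
#
# Exit status: 1 on bad arguments or if the policy file cannot be written,
# otherwise the exit status of the aws CLI call.

POLICY_JSON="policy-config.json"

RED='\033[0;31m'
NC='\033[0m'

print_usage() {
	echo "Usage:"
	echo "./put-bucket-policy -b BUCKET_NAME"
	echo
	echo "The script grants AWS the write access(PUT operation only) to save generated inventory files to the bucket"
	echo
	echo "  BUCKET_NAME - AWS bucket name for which the policy will be enabled"
}

# Prints a red "Error" prefix followed by the message in $1 on stderr.
# The colour codes go through %b so that caller-supplied text is never used
# as a printf format string.
fail() {
	printf '%b: %s\n' "${RED}Error${NC}" "$1" >&2
}

# Returns 0 when $1 contains only letters, digits, '.', '_' and '-'.
# The bucket name is interpolated into a JSON policy document below, so
# quotes, braces, whitespace or '*' in it could change the meaning of the
# policy (for example by widening the Resource ARN). Current S3 naming rules
# are stricter than this check; it is kept permissive on purpose so that
# older bucket names are not rejected.
is_safe_bucket_name() {
	# Byte-wise matching: keeps locale collation from widening the ranges.
	local LC_ALL=C
	[[ "$1" != *[!A-Za-z0-9._-]* ]]
}

while getopts b: flag
do
	case "$flag" in
		b) BUCKET=${OPTARG};;
		# getopts has already reported the unknown option on stderr.
		*) print_usage; exit 1;;
	esac
done

if [[ -z "${BUCKET:-}" ]]; then
	fail "bucket name is not defined."
	print_usage
	exit 1
fi

if ! is_safe_bucket_name "${BUCKET}"; then
	fail "bucket name contains characters that are not allowed in a bucket name."
	print_usage
	exit 1
fi

# NOTE(review): the policy is scoped only by aws:SourceArn. AWS's published
# example for inventory destinations additionally conditions on
# aws:SourceAccount and on s3:x-amz-acl = bucket-owner-full-control; consider
# adding both so the grant is tied to the owning account.
#
# The aws:SourceArn value must expand to the plain bucket ARN. It was
# previously written as {$BUCKET}, which leaves literal braces around the
# name, so the ArnLike condition could never match a real bucket ARN.
cat > "${POLICY_JSON}" <<EOL || { fail "cannot write ${POLICY_JSON}."; exit 1; }
{
      "Version": "2012-10-17",
      "Statement": [
        {
            "Sid": "InventoryAndAnalyticsExamplePolicy",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::${BUCKET}/*"
            ],
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:::${BUCKET}"
                }
            }
        }
    ]
}
EOL

# Quoted so the bucket name is always passed as a single argument.
# This is the last command on purpose: its status becomes the script's status.
aws s3api put-bucket-policy --bucket "${BUCKET}" --policy "file://${POLICY_JSON}"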