首先需要准备一个角色,授权访问对应的S3 bucket(bucket的创建就不说了)
角色权限(permissions)如下
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::YOUR-S3-BUCKET"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::YOUR-S3-BUCKET/*"
]
}
]
}
信任关系(Trust Relationship)如下
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "es.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Python代码如下
import boto3
import requests
from requests_aws4auth import AWS4Auth
region = 'us-east-1'
role_arn_for_snapshot = "YOUR-ROLE-ARN"
s3_bucket_name = "YOUR-S3-BUCKET"
host = 'https://YOUR.DOMAIN.es.amazonaws.com'
repo_name = 'MY-SNAPSHOT'
credentials = boto3.Session().get_credentials()
awsauth = AWS4Auth(
credentials.access_key,
credentials.secret_key,
region,
"es",
session_token=credentials.token
)
payload = {
"type": "s3",
"settings": {
"base_path": repo_name,
"bucket": s3_bucket_name,
"endpoint": "s3.amazonaws.com",
"role_arn": role_arn_for_snapshot,
}
}
# Register repository
r = requests.put(
'/'.join((host.rstrip('/'), '_snapshot', repo_name)),
auth=awsauth,
json=payload,
headers={"Content-Type": "application/json"}
)
print(r.status_code)
print(r.text)