Question:
I have successfully created a user, credentials, and a bucket.
Now I need to grant bucket access to this user.
Is there any way to get this CanonicalUser value from code?
The IAM user object only provides ARN, Path, UserId and UserName values, but none of these are valid for the grant.
```csharp
using (var s3 = new Amazon.S3.AmazonS3Client("[user_key]", "[secret_user_key]", RegionEndpoint.GetBySystemName("eu-west-1")))
{
    var response = s3.GetACL("[bucket_id]");
    var acl = response.AccessControlList;
    acl.AddGrant(
        new S3Grantee() { CanonicalUser = ??? },
        new S3Permission(S3Permission.FULL_CONTROL)
    );
    s3.PutACL(
        new PutACLRequest() { AccessControlList = acl, BucketName = "[bucket_id]" }
    );
}
```
Answer:
You can easily get the CanonicalUser ID using the ListAllMyBuckets API call [1] (the s3:ListAllMyBuckets permission is required):
```
$ aws s3api list-buckets --query Owner
{
    "DisplayName": "lord-vader",
    "ID": "f420064cb076f772e10584fc40ab777c09f6b7d154342cf358f1bd1e573c9cf7"
}
```
In AWS SDK for .NET, use code like this [2]:
```csharp
AmazonS3Client client = new AmazonS3Client();
ListBucketsResponse response = client.ListBuckets();
Console.WriteLine("Canonical user ID - {0}", response.Owner.Id);
```
In AWSJavaSDK you can use the AmazonS3.getS3AccountOwner wrapper method [3].
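
The question's grant code combined with the answer's lookup, as an added example (not code from the original post). It assumes the synchronous .NET Framework build of the AWS SDK for .NET used in the snippets above, that `[user_key]`/`[secret_user_key]` belong to the grantee, and that the bucket owner's credentials come from the default credential chain; `GetCanonicalUserId` is a hypothetical helper name.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;
using Amazon;
using Amazon.S3;
using Amazon.S3.Model;

static class GrantByCanonicalId
{
    // Hypothetical helper: returns the canonical user ID for the credentials
    // `client` was built with (requires s3:ListAllMyBuckets).
    // The ID identifies the AWS account, so an IAM user's credentials return
    // the canonical ID of the account that owns that user.
    static string GetCanonicalUserId(IAmazonS3 client)
    {
        string id = client.ListBuckets().Owner.Id;
        // Canonical IDs are 64 hex characters, as in the CLI output above.
        if (id == null || !Regex.IsMatch(id, "^[0-9a-f]{64}$"))
            throw new InvalidOperationException("Unexpected canonical user ID format.");
        return id;
    }

    static void Main()
    {
        var region = RegionEndpoint.GetBySystemName("eu-west-1");
        const string bucket = "[bucket_id]"; // placeholder from the question

        // Assumption: these keys belong to the user who should receive the grant.
        string granteeId;
        using (var granteeClient = new AmazonS3Client("[user_key]", "[secret_user_key]", region))
            granteeId = GetCanonicalUserId(granteeClient);

        // Assumption: the bucket owner's credentials come from the default chain.
        using (var ownerClient = new AmazonS3Client(region))
        {
            var acl = ownerClient.GetACL(bucket).AccessControlList;

            // Skip the write if an identical grant is already on the ACL.
            bool present = acl.Grants.Any(g =>
                g.Grantee?.CanonicalUser == granteeId &&
                g.Permission?.Value == S3Permission.FULL_CONTROL.Value);
            if (present) { Console.WriteLine("Grant already present."); return; }

            acl.AddGrant(new S3Grantee { CanonicalUser = granteeId }, S3Permission.FULL_CONTROL);
            ownerClient.PutACL(new PutACLRequest { BucketName = bucket, AccessControlList = acl });
            Console.WriteLine("Granted FULL_CONTROL to {0}", granteeId);
        }
    }
}
```

If the printed ID matches the bucket owner's own canonical ID, the user is in the same account and the ACL grant changes nothing for that user.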