Question
I try to access a key inside a bucket, for which I don't have permissions, though I do for the key.
In order to be able to do get_key('this/is/my_key'), I need the bucket object:
conn = boto.connect_s3(key, secret_key)
my_bucket = conn.get_bucket('a_bucket')
yields S3ResponseError: S3ResponseError: 403 Forbidden.
On the other hand, the following works:
my_bucket = boto.s3.bucket.Bucket(conn, 'a_bucket')
my_bucket.get_key('this/is/my_key')
Question: What is the difference between creating the object Bucket and using the get_bucket method?
Checking the documentation, I only see the check for validation. Anything else?
Answer 1:
Validation (validate=True by default) in get_bucket checks for the bucket's existence when called. Since you don't have access to the bucket, your request is turned down (403). In the other case, the class instantiation doesn't seem to do the validation, hence the get_key method works as intended.
Answer 2:
get_bucket() needs the s3:listObject permission.
get_key() only needs the s3:GetObject permission.
Thus the following line DOES NOT create any bucket.
my_bucket = boto.s3.bucket.Bucket(conn, 'a_bucket')
It just creates a Python object pointing to the bucket. There is no error as long as you don't perform any bucket-related task. If you can do a get_key() without error, it means you have been given the s3:GetObject permission to the bucket.
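The behaviour described in the answers above, modelled as an added example (not code from the original posts or from boto). The policy is constructed for the question's scenario, and the evaluator is a simplified stand-in for IAM that ignores Condition, NotAction and bucket policies. It uses the IAM action names s3:ListBucket (needed by the HEAD request on the bucket that get_bucket sends when validating) and s3:GetObject (needed by the HEAD request on the object that get_key sends).

```python
from fnmatch import fnmatchcase

# Constructed policy for the question's scenario: object-level access only.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject"],
        "Resource": ["arn:aws:s3:::a_bucket/this/is/*"],
    }],
}

# What each boto 2 call sends to S3 and the IAM action that request needs.
# None means the call only builds a local Python object (no request is sent).
CALLS = {
    "conn.get_bucket('a_bucket')": ("s3:ListBucket", "arn:aws:s3:::a_bucket"),
    "conn.get_bucket('a_bucket', validate=False)": None,
    "Bucket(conn, 'a_bucket')": None,
    "my_bucket.get_key('this/is/my_key')":
        ("s3:GetObject", "arn:aws:s3:::a_bucket/this/is/my_key"),
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified IAM logic: explicit Deny wins, then any Allow, else implicit deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        action_hit = any(fnmatchcase(action.lower(), a.lower())
                         for a in _as_list(stmt["Action"]))
        resource_hit = any(fnmatchcase(resource, r)
                           for r in _as_list(stmt["Resource"]))
        if action_hit and resource_hit:
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def outcome(call, policy=POLICY):
    """Return what the caller would observe for one of the calls in CALLS."""
    request = CALLS[call]
    if request is None:
        return "no request sent"
    return "200 OK" if is_allowed(policy, *request) else "403 Forbidden"

if __name__ == "__main__":
    for call in CALLS:
        print(f"{call:46} -> {outcome(call)}")
```

With a key-scoped policy like this, `conn.get_bucket('a_bucket', validate=False)` is the supported way to get the bucket object without the bucket-level request.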
Source: https://stackoverflow.com/questions/42717551/boto-s3-bucket-versus-get-bucket