AWS S3 Access Grants plugin provides the functionality to enable S3 customers to configure S3 Access Grants as a permission layer on top of the S3 Clients.
Project description
AWS S3 Access Grants plugin for boto3
AWS S3 Access Grants Plugin provides the functionality to enable S3 customers to configure S3 ACCESS GRANTS as a permission layer on top of the S3 Clients.
S3 Access Grants is a feature from S3 that allows its customers to configure fine-grained access permissions for the data in their buckets.
Installing the plugin
Run this command to install the plugin.
pip install "aws-s3-access-grants-boto3-plugin==<Latest_Version>"
Using the plugin
- Create your S3 Client.
- Create a S3AccessGrantsPlugin object and pass the S3 Client and fallback option during initialization.
- Register the plugin.
import botocore.session
from s3_access_grants_plugin.s3_access_grants_plugin import S3AccessGrantsPlugin
session = botocore.session.get_session()
s3_client = session.create_client('s3')
plugin = S3AccessGrantsPlugin(s3_client, fallback_enabled=True)
plugin.register()
fallback_enabled takes in a boolean value. This option decides if we will fall back to the credentials set on the S3 Client by the user.
- If fallback_enabled is set to True then we will fall back every time we are not able to get the credentials from Access Grants, no matter the reason.
- If fallback_enabled option is set to False we will fall back only in case the operation/API is not supported by Access Grants.
Note
The plugin supports delete_objects API and copy_object API which S3 Access Grants does not implicitly support. For these APIs we get the common prefix of all the object keys and find their common ancestor. Ig you have a grant present on the common ancestor, you will get Access Grants credentials based on that grant. For copy_object API the source and destination buckets should be same, since a grant cannot give access to multiple buckets.
Testing
For running the integration tests locally, please add your AWS account number in the test_setup.py file.
Contributions
- Use GitHub flow to commit/review/collaborate on changes
- After a PR is approved/merged, please delete the PR branch both remotely and locally
License
This project is licensed under the Apache-2.0 License.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aws_s3_access_grants_boto3_plugin-1.0.0.tar.gz.
File metadata
- Download URL: aws_s3_access_grants_boto3_plugin-1.0.0.tar.gz
- Upload date:
- Size: 25.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a8ab2d71d0465d2de5e43ba0ab7e2644373a186ac4ad3dd7f91d4071a078bb82
|
|
| MD5 |
9ca7bfd1ad16a8f7f13723cf76b2c5e5
|
|
| BLAKE2b-256 |
fbaad46fc16090892bf41975de8a9c8f3b3fc2bc151f3f4d723c2e3a48ba4273
|
File details
Details for the file aws_s3_access_grants_boto3_plugin-1.0.0-py3-none-any.whl.
File metadata
- Download URL: aws_s3_access_grants_boto3_plugin-1.0.0-py3-none-any.whl
- Upload date:
- Size: 14.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.0 CPython/3.12.0
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
04462b952a14213c3aa20b8f566b7ec02c28482fcd0c98806b8cb57639307b34
|
|
| MD5 |
5152cbac6975e55e57d9d9219358b057
|
|
| BLAKE2b-256 |
332f0d1cec935c3160004efc58f972095e89720f5469f5399ad5ce106b7e32a5
|
