- Create a role in account 111111111111 (the account that owns the EKS cluster and its OIDC provider). The resulting role needs the S3 policy and the trust relationship shown below:
S3 policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucketVersions"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::test-recordings-staging"
      ]
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts",
        "s3:GetObjectVersion",
        "s3:DeleteObjectVersion",
        "s3:PutObjectAcl",
        "s3:GetObjectAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::test-recordings-staging/*"
      ]
    }
  ]
}
```
Trust relationships:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::111111111111:oidc-provider/oidc.eks.us-east-1.amazonaws.com/id/80AF9E79Bdd3396ss19431F323600A3159F9"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "StringEquals": {
          "oidc.eks.us-east-1.amazonaws.com/id/80AF9E79Bdd3396ss19431F323600A3159F9:aud": "sts.amazonaws.com"
        }
      }
    }
  ]
}
```

Note that this trust policy only pins the audience (`aud`). Any pod in the cluster whose service account can obtain a projected token for `sts.amazonaws.com` is therefore allowed to assume the role. To restrict it to the one service account that should use it, add a `sub` condition to the same `StringEquals` block, for example `"oidc.eks.us-east-1.amazonaws.com/id/80AF9E79Bdd3396ss19431F323600A3159F9:sub": "system:serviceaccount:test-staging:<service-account-name>"`, where `<service-account-name>` is the Kubernetes service account annotated in the Helm values below.
- Go to account 222222222222 (the account that owns the bucket) and add a policy to the bucket in Permissions tab > Bucket policy:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111111111111:role/staging-use1-sa-test20230516093027163900000001"
      },
      "Action": [
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObjectTagging",
        "s3:GetObjectTagging",
        "s3:GetObjectVersion",
        "s3:GetObjectVersionTagging"
      ],
      "Resource": [
        "arn:aws:s3:::test-recordings-staging",
        "arn:aws:s3:::test-recordings-staging/*"
      ]
    }
  ]
}
```

For a cross-account call, both the role's own policy in account 111111111111 and this bucket policy in account 222222222222 must allow the action, so the effective permissions are the intersection of the two. With the policies as shown, the role can list the bucket and read objects (and their versions), but the `s3:PutObject` and `s3:DeleteObject` permissions in the role's policy have no effect on this bucket unless the bucket policy grants them as well, and the tagging permissions granted here are unusable until the role's policy includes them.
- Add a new service account to the Helm values, annotated with the role ARN so the EKS pod identity webhook injects the web identity token and role into the pod:

```yaml
serviceAccountNew:
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/staging-use1-sa-test20230516093027163900000001
```
- Check the connection from the Django shell. First open a shell in the Django container and start `manage.py shell`:

```bash
# connect to pod
kubectl -n test-staging exec -it test-django-server-65d956d5b6-2m49w -c base-django -- bash
# Run shell
./manage.py shell
```

Then run the following in the shell; boto3 picks up the injected web identity token automatically:

```python
# Run script
from django.conf import settings
settings.AWS_CONNECT_BUCKET

import boto3
session = boto3.Session()
s3 = session.resource('s3')
bucket = s3.Bucket(settings.AWS_CONNECT_BUCKET)
for obj in bucket.objects.limit(10):
    print(obj.key)
```
or

```python
import boto3

# Create an S3 client with automatic credentials retrieval
s3 = boto3.client('s3')
bucket_name = 'test-recordings-staging'

# List objects in the bucket. 'Contents' is absent when the bucket is empty,
# and a single call returns at most 1000 keys (one page).
objects = s3.list_objects_v2(Bucket=bucket_name).get('Contents', [])

# Sort the objects by last modified time (newest first)
objects.sort(key=lambda obj: obj['LastModified'], reverse=True)

# Select the latest 10 objects
latest_objects = objects[:10]

# Print the latest object keys and last modified times
for obj in latest_objects:
    object_key = obj['Key']
    last_modified = obj['LastModified'].strftime('%Y-%m-%d %H:%M:%S')
    print(f"Object Key: {object_key}, Last Modified: {last_modified}")
```
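The following script is an added example, not code from the original post. It embeds the role's S3 policy, its trust policy and the bucket policy exactly as shown above and checks two things offline: that the trust policy pins only `aud` (so every service account in the cluster could assume the role) and what the `sub` condition to add looks like, and which actions are actually effective cross-account, i.e. the intersection of what the role's identity policy allows and what the bucket policy grants to that role. The service-account name `test-sa` in namespace `test-staging` is an assumption; the policies are assumed to be allow-only with no wildcards other than the trailing `/*`.

```python
"""Offline checks for the cross-account IRSA setup above (added example).

Assumed, not on the page: service account "test-sa" in namespace test-staging,
and that both policies are allow-only with no wildcards beyond a trailing "/*".
"""
import copy
import fnmatch

OIDC = "oidc.eks.us-east-1.amazonaws.com/id/80AF9E79Bdd3396ss19431F323600A3159F9"
ROLE_ARN = "arn:aws:iam::111111111111:role/staging-use1-sa-test20230516093027163900000001"
BUCKET_ARN = "arn:aws:s3:::test-recordings-staging"

# Role policy in account 111111111111, as on the page
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": [BUCKET_ARN],
     "Action": ["s3:ListBucket", "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads", "s3:ListBucketVersions"]},
    {"Effect": "Allow", "Resource": [BUCKET_ARN + "/*"],
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts",
                "s3:GetObjectVersion", "s3:DeleteObjectVersion",
                "s3:PutObjectAcl", "s3:GetObjectAcl"]}]}

# Trust relationship of that role, as on the page (aud only)
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"Federated": f"arn:aws:iam::111111111111:oidc-provider/{OIDC}"},
     "Action": "sts:AssumeRoleWithWebIdentity",
     "Condition": {"StringEquals": {f"{OIDC}:aud": "sts.amazonaws.com"}}}]}

# Bucket policy in account 222222222222, as on the page
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN},
     "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObjectTagging",
                "s3:GetObjectTagging", "s3:GetObjectVersion",
                "s3:GetObjectVersionTagging"],
     "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"]}]}


def _as_list(value):
    """IAM accepts a single string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _web_identity_statements(policy):
    """Allow statements that permit sts:AssumeRoleWithWebIdentity."""
    return [s for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"
            and "sts:AssumeRoleWithWebIdentity" in _as_list(s.get("Action", []))]


def trust_policy_findings(trust, oidc, namespace, sa_name):
    """Findings per web-identity statement; an empty list means aud and sub are both pinned."""
    findings = []
    for stmt in _web_identity_statements(trust):
        # Collect every condition key regardless of operator (StringEquals, StringLike, ...)
        keys = {k for operator in stmt.get("Condition", {}).values() for k in operator}
        if f"{oidc}:aud" not in keys:
            findings.append("aud is not pinned to sts.amazonaws.com")
        if f"{oidc}:sub" not in keys:
            findings.append(f'no sub condition; add "{oidc}:sub": '
                            f'"system:serviceaccount:{namespace}:{sa_name}"')
    return findings


def pin_service_account(trust, oidc, namespace, sa_name):
    """Return a copy of the trust policy with a StringEquals sub condition added."""
    hardened = copy.deepcopy(trust)
    for stmt in _web_identity_statements(hardened):
        cond = stmt.setdefault("Condition", {}).setdefault("StringEquals", {})
        cond[f"{oidc}:sub"] = f"system:serviceaccount:{namespace}:{sa_name}"
    return hardened


def allowed_actions(policy, resource_arn, principal_arn=None):
    """Actions an allow-only policy grants on resource_arn.

    For a resource (bucket) policy pass principal_arn: only statements naming
    that principal count. Resource patterns are matched with fnmatch, which
    covers the plain ARN and ARN + "/*" forms used here.
    """
    actions = set()
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if principal_arn is not None:
            principal = stmt.get("Principal", {})
            named = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else _as_list(principal)
            if principal_arn not in named:
                continue
        if not any(fnmatch.fnmatchcase(resource_arn, pat) for pat in _as_list(stmt["Resource"])):
            continue
        actions.update(_as_list(stmt["Action"]))
    return actions


def effective_actions(identity_policy, bucket_policy, role_arn, resource_arn):
    """Cross-account S3: the caller's identity policy AND the bucket policy must both allow."""
    return (allowed_actions(identity_policy, resource_arn)
            & allowed_actions(bucket_policy, resource_arn, role_arn))


if __name__ == "__main__":
    for finding in trust_policy_findings(TRUST_POLICY, OIDC, "test-staging", "test-sa"):
        print("trust policy:", finding)
    print("effective on bucket :", sorted(effective_actions(IDENTITY_POLICY, BUCKET_POLICY, ROLE_ARN, BUCKET_ARN)))
    print("effective on objects:", sorted(effective_actions(IDENTITY_POLICY, BUCKET_POLICY, ROLE_ARN, BUCKET_ARN + "/a.mp4")))
```

Run against the page's policies, the script reports the missing `sub` condition and shows that only `s3:ListBucket` on the bucket and `s3:GetObject` / `s3:GetObjectVersion` on objects are effective cross-account, which is exactly what the listing checks in the Django shell exercise; a `PutObject` from the pod would be denied by the bucket owner's policy despite the role allowing it.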