Setting the access control list for a Lambda Python MediaConvert function

Published 2024-09-27 04:29:30


I'm using the Python and JSON MediaConvert job below to run an AWS MediaConvert job. (The original guide I followed is here.)

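The ACL of the new files created by the MediaConvert job should be ACL: 'public-read', but I can't set it. Because of the complexity of the folder structure on this bucket, I would prefer to assign this on the files rather than through bucket permissions (I know there is no such thing as real folders on S3).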

convert.py

#!/usr/bin/env python

import glob
import json
import os
import uuid
import boto3
import datetime
import random
import urllib.parse  # Python 3 location of the former urlparse module

from botocore.client import ClientError

def handler(event, context):

    assetID = str(uuid.uuid4())
    sourceS3Bucket = event['Records'][0]['s3']['bucket']['name']
    sourceS3Key = event['Records'][0]['s3']['object']['key']
    sourceS3 = 's3://'+ sourceS3Bucket + '/' + sourceS3Key
    sourceS3Basename = os.path.splitext(os.path.basename(sourceS3))[0]
    destinationS3 = 's3://' + os.environ['DestinationBucket']
    destinationS3basename = os.path.splitext(os.path.basename(destinationS3))[0]
    mediaConvertRole = os.environ['MediaConvertRole']
    region = os.environ['AWS_DEFAULT_REGION']
    statusCode = 200
    body = {}

    # Use MediaConvert SDK UserMetadata to tag jobs with the assetID
    # Events from MediaConvert will have the assetID in UserMetadata
    jobMetadata = {'assetID': assetID}

    print (json.dumps(event))

    try:
        # Job settings are in the lambda zip file in the current working directory
        with open('job.json') as json_data:
            jobSettings = json.load(json_data)
            print(jobSettings)

        # get the account-specific mediaconvert endpoint for this region
        mc_client = boto3.client('mediaconvert', region_name=region)
        endpoints = mc_client.describe_endpoints()

        # add the account-specific endpoint to the client session 
        # TLS certificate verification is left at its default (enabled)
        client = boto3.client('mediaconvert', region_name=region, endpoint_url=endpoints['Endpoints'][0]['Url'])

        # Update the job settings with the source video from the S3 event and destination 
        # paths for converted videos
        jobSettings['Inputs'][0]['FileInput'] = sourceS3

        S3KeyWatermark = 'encoded-video/mp4/' + sourceS3Basename
        jobSettings['OutputGroups'][0]['OutputGroupSettings']['FileGroupSettings']['Destination'] \
            = destinationS3 + '/' + S3KeyWatermark

        S3KeyThumbnails = 'encoded-video/poster/' + sourceS3Basename
        jobSettings['OutputGroups'][1]['OutputGroupSettings']['FileGroupSettings']['Destination'] \
            = destinationS3 + '/' + S3KeyThumbnails     

        print('jobSettings:')
        print(json.dumps(jobSettings))

        # Convert the video using AWS Elemental MediaConvert
        job = client.create_job(Role=mediaConvertRole, UserMetadata=jobMetadata, Settings=jobSettings)
        print (json.dumps(job, default=str))

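    except Exception as e:
        print('Exception: %s' % e)
        statusCode = 500
        # The return in the finally block below overrides this raise,
        # so the caller receives the 500 response instead of the exception.
        raise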

    finally:
        return {
            'statusCode': statusCode,
            'body': json.dumps(body),
            'headers': {'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*'}
        }

job.json

^{pr2}$

Of course, I'm also open to bucket policy suggestions, if public access is restricted to the following "folders" in this bucket.

<BUCKET>/videos 
<BUCKET>/encoded-video/mp4
<BUCKET>/encoded-video/poster

Thanks in advance.


1 answer
User
#1 · Posted 2024-09-27 04:29:30

You can try the following policy (untested):

{
    "Version":"2012-10-17",
    "Statement":[
        {
            "Sid":"PublicAccessToFolders",
            "Effect":"Allow",
            "Principal":"*",
            "Action":["s3:GetObject"],
            "Resource":[
                "arn:aws:s3:::examplebucket/videos/*",
                "arn:aws:s3:::examplebucket/encoded-video/mp4/*",
                "arn:aws:s3:::examplebucket/encoded-video/poster/*"
            ]
        }
    ]
}

More information about how Amazon authorizes bucket access is here, and a few policy examples are here.
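
As an added example (not part of the answer above and not AWS tooling), the following Python generates the same policy for the question's three prefixes and audits a policy document for anonymous Allow statements that reach beyond them. The function names are hypothetical, and `examplebucket` is the answer's placeholder bucket name.

```python
import json

# The three "folders" from the question; the bucket name is a placeholder.
PUBLIC_PREFIXES = ["videos/", "encoded-video/mp4/", "encoded-video/poster/"]


def _arns(bucket, prefixes):
    return ["arn:aws:s3:::%s/%s*" % (bucket, p) for p in prefixes]


def build_policy(bucket, prefixes=PUBLIC_PREFIXES):
    """Bucket policy allowing anonymous s3:GetObject under the prefixes only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicAccessToFolders", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject"], "Resource": _arns(bucket, prefixes)}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    # "*" and {"AWS": "*"} both mean "anyone", including anonymous callers.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"


def audit_public_access(policy, bucket, prefixes=PUBLIC_PREFIXES):
    """Return findings for anonymous Allow statements that grant more than
    s3:GetObject on exactly the expected prefix ARNs (conservative check)."""
    allowed = set(_arns(bucket, prefixes))
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # A statement using NotAction/NotResource has no Action/Resource key.
        for action in _as_list(stmt.get("Action", "<NotAction>")):
            if action.lower() != "s3:getobject":
                findings.append("%s: public action %s" % (sid, action))
        for resource in _as_list(stmt.get("Resource", "<NotResource>")):
            if resource not in allowed:
                findings.append("%s: public resource %s" % (sid, resource))
    return findings


if __name__ == "__main__":
    policy = build_policy("examplebucket")
    print(json.dumps(policy, indent=4))
    print(audit_public_access(policy, "examplebucket") or "no findings")
```

The audit compares resources by exact ARN, so a narrower public resource is also reported and needs a manual look.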
