Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/env python
import sys
import boto3
import time
import re
import json
backup_time = time.strftime('%Y%m%d%M%H%S')
backup_bucket = 'iflix-backup-acl'
b = sys.argv[1]
s3 = boto3.client('s3')
ls = s3.list_objects_v2(Bucket=b)
if 'Contents' in ls:
for i in ls['Contents']:
f = i['Key'] # path to the file
acl = s3.get_object_acl(Bucket=b, Key=f)
s3_key = "%s/%s/%s" % (b,backup_time,re.sub("/","__",f)) # unique path to file at this run (replace / with __)
# backup original ACLs first
s3.put_object(
Bucket=backup_bucket,
Key=s3_key,
ContentType='application/json',
Body=json.dumps(acl['Grants'],indent=2)
)
for i in list(range(len(acl['Grants']))):
if ( acl['Grants'][i]['Grantee']['Type'] == "Group"
and acl['Grants'][i]['Grantee']['URI'] == 'http://acs.amazonaws.com/groups/global/AuthenticatedUsers'
):
print("Remove AuthenticatedUsers %s on %s" % (acl['Grants'][i]['Permission'],f))
del(acl['Grants'][i])
break
del(acl['ResponseMetadata'])
s3.put_object_acl(
Bucket=b,
Key=f,
AccessControlPolicy=acl
)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.