注意:首先要把密鑰配置好。本文使用 PowerShell 的全局配置上拋,原理是使用 AWS CLI:先獲取臨時憑證,再用獲取的臨時憑證上拋到 S3。
import subprocess
import json
import os
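# Flat script: assume an IAM role through the AWS CLI, then use the returned
# temporary credentials to list an S3 location, upload one local file, and list
# the location again to confirm the upload.
# The role ARN and both S3 locations are empty strings here and must be filled
# in before the AWS calls can succeed.
aws_exe = r"C:\Program Files\Amazon\AWSCLIV2\aws.exe"
cmd = [
    aws_exe,
    "sts", "assume-role",
    "--role-arn", "",
    "--role-session-name", "MetaUpload"
]

# Bound before the try block so the KeyError handler can always inspect it.
payload = None

try:
    # 1. Obtain temporary credentials. check=True turns a non-zero exit status
    #    into CalledProcessError, handled below.
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    payload = json.loads(result.stdout)
    creds = payload['Credentials']

    # Pull out the three fields the CLI needs.
    access_key = creds['AccessKeyId']
    secret_key = creds['SecretAccessKey']
    session_token = creds['SessionToken']

    # Emit PowerShell assignments so the upload can also be done by hand.
    # NOTE(security): this writes live temporary credentials to stdout, where
    # they persist in terminal scrollback, transcripts and any captured job
    # log. Run this only in an interactive session you control.
    print("✅ 复制以下命令到你的 PowerShell 中执行(手动上传用):\n")
    print(f'$ENV:AWS_ACCESS_KEY_ID="{access_key}"')
    print(f'$ENV:AWS_SECRET_ACCESS_KEY="{secret_key}"')
    print(f'$ENV:AWS_SESSION_TOKEN="{session_token}"')
    print('$ENV:AWS_USE_DUALSTACK_ENDPOINT=$true')
    print("\n✅ 凭证已成功获取并格式化!")

    # Child-process environment: inherit the current one, then override the
    # AWS variables. Passing credentials through env (not argv) keeps them out
    # of the command lists that the failure paths print.
    env = os.environ.copy()
    env['AWS_ACCESS_KEY_ID'] = access_key
    env['AWS_SECRET_ACCESS_KEY'] = secret_key
    env['AWS_SESSION_TOKEN'] = session_token
    env['AWS_USE_DUALSTACK_ENDPOINT'] = 'true'

    # ---- S3 LS before the upload: inspect the target location ----
    # Location to list (the directory part of the upload target, to verify
    # the path).
    s3_ls_path = ""
    s3_ls_cmd = [
        aws_exe,
        "s3", "ls",
        s3_ls_path  # can be changed to s3://mfghwteste-landing-bucket/ to list the whole bucket
    ]
    print(f"\n🔍 执行 S3 LS 查看目录:{s3_ls_path}")
    # No check=True: a failed listing is reported but does not stop the upload.
    ls_result = subprocess.run(s3_ls_cmd, capture_output=True, text=True, env=env)
    if ls_result.returncode == 0:
        print("✅ S3 LS 执行成功,目录内容:")
        print(ls_result.stdout if ls_result.stdout else "该目录暂无文件")
    else:
        print("⚠️ S3 LS 执行警告(非致命,可能目录不存在):")
        print("STDERR:", ls_result.stderr)

    # 2. Upload to S3, with the credentials supplied through the environment.
    local_file = r".\test2.txt"
    s3_uri = ""
    s3_cmd = [
        aws_exe,
        "s3", "cp",
        local_file, s3_uri
    ]
    print(f"\n📤 开始上传文件:{local_file} -> {s3_uri}")
    cp_result = subprocess.run(s3_cmd, capture_output=True, text=True, env=env)
    if cp_result.returncode == 0:
        print("✅ 上传成功!")
        # ---- S3 LS after the upload: confirm the object is there ----
        print(f"\n🔍 上传后再次查看目录:{s3_ls_path}")
        post_ls_result = subprocess.run(s3_ls_cmd, capture_output=True, text=True, env=env)
        if post_ls_result.returncode == 0:
            print("✅ 上传后目录内容:")
            print(post_ls_result.stdout if post_ls_result.stdout else "目录仍为空(异常)")
        else:
            print("⚠️ 上传后LS执行失败:")
            print("STDERR:", post_ls_result.stderr)
    else:
        print("❌ 上传失败:")
        print("STDERR:", cp_result.stderr)
        # The command list holds only paths and URIs, so it is safe to print.
        print("命令详情:", " ".join(s3_cmd))
except subprocess.CalledProcessError as e:
    print("❌ assume-role 失败:")
    print("STDERR:", e.stderr)
    print("命令详情:", " ".join(cmd))
except KeyError as e:
    print(f"❌ 凭证解析失败:缺少字段 {e}")
    # Fix: the original echoed result.stdout here. When only one credential
    # field is missing, that raw output still carries the remaining secrets,
    # so report the field names that were present and never the values.
    fields = sorted(payload) if isinstance(payload, dict) else []
    nested = payload.get('Credentials') if isinstance(payload, dict) else None
    if isinstance(nested, dict):
        fields += [f"Credentials.{k}" for k in sorted(nested)]
    print("原始输出包含的字段:", ", ".join(fields))
except Exception as ex:
    # Top-level catch-all for this script (e.g. missing aws.exe, invalid JSON).
    print("❌ 错误:", str(ex))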