Skip to content

使用交叉帐户访问

您需要使用此方法连续访问所需的上传目录。考虑这样一个示例,其中您有一个 AWS 帐户,任何应用都驻留在这个帐户中,并且这个应用需要持续访问 IDL 目录。在这种情况下,交叉帐户访问是有用的。

您可以遵循以下步骤使用此方法:

  1. 请使用以下端点创建需要提供访问权限的交叉帐户:
POST /crossAccounts

Content-Type: application/json

请求示例:

{
  "name": "testCrossAccount",
  "accessorAccountId": "960568630345",
  "description": "Cross Account Access for Testing",
  "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4"
}

响应示例:

{
  "id": "0234sd34a23a-11e9-a2a3-2a2sdfw34ce4",
  "name": "testCrossAccount",
  "accessorAccountId": "960768132345",
  "description": "Cross Account Access for Testing",
  "timestamp": "2019-09-06T21:23:32.000Z",
  "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4",
  "eTag": 1
}
2. 请使用以下端点获取交叉帐户列表:

GET /crossAccounts

Content-Type: application/json

响应示例:

{
  "crossAccounts": [
    {
      "id": "0234sd34a23a-11e9-a2a3-2a2sdfw34ce4",
      "name": "testCrossAccount",
      "accessorAccountId": "960768132345",
      "description": "Cross Account Access for Testing",
      "timestamp": "2019-09-06T21:23:32.000Z",
      "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4",
      "eTag": 1
    }
  ],
  "page": {
    "size": 1,
    "totalElements": 1,
    "totalPages": 1,
    "number": 1
  }
}
3. 请使用以下端点获取所选交叉帐户的详细信息:

GET /crossAccounts/0234sd34a23a-11e9-a2a3-2a2sdfw34ce4

Content-Type: application/json

响应示例:

{
  "id": "0234sd34a23a-11e9-a2a3-2a2sdfw34ce4",
  "name": "testCrossAccount",
  "accessorAccountId": "960768132345",
  "description": "Cross Account Access for Testing",
  "timestamp": "2019-09-06T21:23:32.000Z",
  "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4",
  "eTag": 1
}
4. 请使用以下端点更新选定的交叉帐户:

PATCH /crossAccounts/0234sd34a23a-11e9-a2a3-2a2sdfw34ce4

Content-Type: application/json

请求示例:

{
  "name": "updatedTestCrossAccount",
  "description": "Updated Cross Account Access for Testing",
}

响应示例:

{
  "id": "0234sd34a23a-11e9-a2a3-2a2sdfw34ce4",
  "name": "updatedTestCrossAccount",
  "accessorAccountId": "960768132345",
  "description": "Updated Cross Account Access for Testing",
  "timestamp": "2019-09-06T21:25:32.000Z",
  "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4",
  "eTag": 1
}
5. 请使用以下端点删除选定的交叉帐户:

DELETE /crossAccounts/0234sd34a23a-11e9-a2a3-2a2sdfw34ce4

响应示例:

204 Deleted
6. 一旦创建了交叉帐户,继续创建交叉帐户访问,以便在所需的前缀上提供所需的访问。这可以通过使用以下端点来实现:

POST /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses

Content-Type: application/json

请求示例:

{
  "description": "Access to write to mysubfolder",
  "path": "myfolder/mysubfolder",
  "permission": "WRITE"
}

响应示例:

{
  "id": "781c8b90-c7b6-4b1c-993c-b51a00b35be2",
  "description": "Access to write to mysubfolder",
  "storageAccount": "dlbucketname",
  "storagePath": "data/ten=tenantname/myfolder/mysubfolder",
  "path": "myfolder/mysubfolder",
  "permission": "WRITE",
  "status": "ENABLED",
  "timestamp": "2019-11-04T19:19:25.866Z",
  "eTag": 1
}
7. 请使用以下端点获取交叉帐户访问的详细信息:

GET /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses

Content-Type: application/json

响应示例:

{
  "crossAccountAccesses": [
    {
      "id": "781c8b90-c7b6-4b1c-993c-b51a00b35be2",
      "description": "Access to write to mysubfolder",
      "storageAccount": "dlbucketname",
      "storagePath": "data/ten=tenantname/myfolder/mysubfolder",
      "path": "myfolder/mysubfolder",
      "permission": "WRITE",
      "status": "ENABLED",
      "timestamp": "2019-11-04T19:19:25.866Z",
      "eTag": 1
    }
  ],
  "page": {
    "size": 1,
    "totalElements": 1,
    "totalPages": 1,
    "number": 1
  }
}
8. 请使用以下端点获取所选交叉账户访问的详细信息:

GET /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses/781c8b90-c7b6-4b1c-993c-b51a00b35be2

Content-Type: application/json

响应示例:

{
  "id": "781c8b90-c7b6-4b1c-993c-b51a00b35be2",
  "description": "Access to write to mysubfolder",
  "storageAccount": "dlbucketname",
  "storagePath": "data/ten=tenantname/myfolder/mysubfolder",
  "path": "myfolder/mysubfolder",
  "permission": "WRITE",
  "status": "ENABLED",
  "timestamp": "2019-11-04T19:19:25.866Z",
  "eTag": 1
}
9. 请使用以下端点更新创建的交叉账户访问:

PATCH /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses/781c8b90-c7b6-4b1c-993c-b51a00b35be2

Content-Type: application/json

请求示例:

{
  "description": "Access to write to mysubfolder",
  "status": "ENABLED"
}

响应示例:

{
  "id": "781c8b90-c7b6-4b1c-993c-b51a00b35be2",
  "description": "Access to write to mysubfolder",
  "storageAccount": "dlbucketname",
  "storagePath": "data/ten=tenantname/myfolder/mysubfolder",
  "path": "myfolder/mysubfolder",
  "permission": "WRITE",
  "status": "ENABLED",
  "timestamp": "2019-11-04T19:19:25.866Z",
  "eTag": 1
}
10. 请使用以下端点删除创建的交叉账户访问:

DELETE /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses/781c8b90-c7b6-4b1c-993c-b51a00b35be2

响应示例:

204 deleted
11. 一旦提供了访问,您就可以通过 CLI 或使用 AWS SDK 将数据上传到所需的前缀中。

使用以下命令将文件上传到 S3 bucket:

$ aws s3 cp myobject.objext s3://tgsbucket

upload: ./myobject.objext to s3://tgsbucket/myobject.objext

使用以下命令从 S3 bucket 下载文件:

$ aws s3 cp s3://tgsbucket/myobject.objext .

download: s3://tgsbucket/myobject.objext to ./myobject.objext

Last update: January 6, 2020