# AWS S3 SDK Examples
- boto3 is the python AWS package
- **resource** provides high-level object-oriented interface service calls
- **client** provides low-level interface with 1:1 correspondance with APIs

In [4]:
import boto3, json

In [9]:
# browse all buckets with s3 resource
s3 = boto3.resource('s3')
for b in s3.buckets.all():
    print('bucket: %s' %b.name)
    for k in b.objects.all():
        print(k)

bucket: leiyang.test
s3.ObjectSummary(bucket_name='leiyang.test', key='folder-test/')
s3.ObjectSummary(bucket_name='leiyang.test', key='folder-test/IEEE_biography_samples.doc')
s3.ObjectSummary(bucket_name='leiyang.test', key='w4.pdf')
bucket: nikola.test
bucket: region.test


In [13]:
# similarly with s3 client
clt = boto3.client('s3')

# get all buckets
clt.list_buckets()

{'Buckets': [{'CreationDate': datetime.datetime(2017, 7, 26, 19, 22, 40, tzinfo=tzutc()),
   'Name': 'leiyang.test'},
  {'CreationDate': datetime.datetime(2017, 9, 1, 21, 53, 16, tzinfo=tzutc()),
   'Name': 'nikola.test'},
  {'CreationDate': datetime.datetime(2017, 9, 1, 22, 11, 39, tzinfo=tzutc()),
   'Name': 'region.test'}],
 'Owner': {'DisplayName': 'leiyang',
  'ID': 'ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08'},
 'ResponseMetadata': {'HTTPHeaders': {'content-type': 'application/xml',
   'date': 'Sat, 02 Sep 2017 05:51:29 GMT',
   'server': 'AmazonS3',
   'transfer-encoding': 'chunked',
   'x-amz-id-2': 'x6gxnYmwiqfNPj1H64L3j60RbZ2C3+aum8iA4aBQtG0+/nfzGKX+7ExbHTDEo6IVejJ+jYN4J2c=',
   'x-amz-request-id': '70FDD80746F79EDE'},
  'HTTPStatusCode': 200,
  'HostId': 'x6gxnYmwiqfNPj1H64L3j60RbZ2C3+aum8iA4aBQtG0+/nfzGKX+7ExbHTDEo6IVejJ+jYN4J2c=',
  'RequestId': '70FDD80746F79EDE',
  'RetryAttempts': 0}}

In [12]:
# list objects within a bucket
clt.list_objects(Bucket='leiyang.test')

{'Contents': [{'ETag': '"d41d8cd98f00b204e9800998ecf8427e"',
   'Key': 'folder-test/',
   'LastModified': datetime.datetime(2017, 7, 26, 19, 25, 52, tzinfo=tzutc()),
   'Owner': {'DisplayName': 'leiyang',
    'ID': 'ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08'},
   'Size': 0,
   'StorageClass': 'STANDARD'},
  {'ETag': '"b3ffa3bea5d9d5c6d7f1235edd962b88"',
   'Key': 'folder-test/IEEE_biography_samples.doc',
   'LastModified': datetime.datetime(2017, 8, 31, 3, 49, 59, tzinfo=tzutc()),
   'Owner': {'DisplayName': 'leiyang',
    'ID': 'ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08'},
   'Size': 50176,
   'StorageClass': 'REDUCED_REDUNDANCY'},
  {'ETag': '"4cbd0d5dbff3bbccdf23886bd0d119fa"',
   'Key': 'w4.pdf',
   'LastModified': datetime.datetime(2017, 7, 26, 19, 28, 5, tzinfo=tzutc()),
   'Owner': {'DisplayName': 'leiyang',
    'ID': 'ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08'},
   'Size': 56187,
   'StorageClass': 'STANDARD'}

In [14]:
# get object tagging
clt.get_object_tagging(Bucket='leiyang.test', Key='folder-test/IEEE_biography_samples.doc') #['TagSet']

{'ResponseMetadata': {'HTTPHeaders': {'date': 'Sat, 02 Sep 2017 05:54:14 GMT',
   'server': 'AmazonS3',
   'transfer-encoding': 'chunked',
   'x-amz-id-2': '9+O/A2ObGQ39CXbME8hq4RrQV2CPotKgnTw7f3GjgvU1LutvAthcnikWl5Wx6AbGcE9iWwepFos=',
   'x-amz-request-id': '315B9C182FDC1405'},
  'HTTPStatusCode': 200,
  'HostId': '9+O/A2ObGQ39CXbME8hq4RrQV2CPotKgnTw7f3GjgvU1LutvAthcnikWl5Wx6AbGcE9iWwepFos=',
  'RequestId': '315B9C182FDC1405',
  'RetryAttempts': 1},
 'TagSet': [{'Key': 'owner', 'Value': 'yangl'},
  {'Key': 'type', 'Value': '.doc'}]}

In [20]:
# get object metadata
clt.get_object(Bucket='leiyang.test', Key='folder-test/IEEE_biography_samples.doc')

{u'AcceptRanges': 'bytes',
 u'Body': <botocore.response.StreamingBody at 0x109e43510>,
 u'ContentLanguage': 'english',
 u'ContentLength': 50176,
 u'ContentType': 'application/msword',
 u'ETag': '"b3ffa3bea5d9d5c6d7f1235edd962b88"',
 u'LastModified': datetime.datetime(2017, 8, 31, 3, 21, 32, tzinfo=tzutc()),
 u'Metadata': {'loc': 'RNO'},
 'ResponseMetadata': {'HTTPHeaders': {'accept-ranges': 'bytes',
   'content-language': 'english',
   'content-length': '50176',
   'content-type': 'application/msword',
   'date': 'Thu, 31 Aug 2017 03:21:44 GMT',
   'etag': '"b3ffa3bea5d9d5c6d7f1235edd962b88"',
   'last-modified': 'Thu, 31 Aug 2017 03:21:32 GMT',
   'server': 'AmazonS3',
   'x-amz-id-2': 'NHMgWJzczndYZ8skJnrhDcznOxzFl9OxV7BP9ciTQ8bd7XHaBcVDItxsrakeJ9pLGYWeOnAfQvk=',
   'x-amz-meta-loc': 'RNO',
   'x-amz-request-id': 'BD8BF6C9E7523735',
   'x-amz-server-side-encryption': 'AES256',
   'x-amz-storage-class': 'STANDARD_IA',
   'x-amz-tagging-count': '2'},
  'HTTPStatusCode': 200,
  'HostId'

In [21]:
# get object ACL
clt.get_object_acl(Bucket='leiyang.test', Key='folder-test/IEEE_biography_samples.doc')

{u'Grants': [{u'Grantee': {u'Type': 'Group',
    u'URI': 'http://acs.amazonaws.com/groups/global/AllUsers'},
   u'Permission': 'READ'},
  {u'Grantee': {u'DisplayName': 'leiyang',
    u'ID': 'ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08',
    u'Type': 'CanonicalUser'},
   u'Permission': 'FULL_CONTROL'},
  {u'Grantee': {u'Type': 'Group',
    u'URI': 'http://acs.amazonaws.com/groups/global/AllUsers'},
   u'Permission': 'READ_ACP'}],
 u'Owner': {u'DisplayName': 'leiyang',
  u'ID': 'ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08'},
 'ResponseMetadata': {'HTTPHeaders': {'content-type': 'application/xml',
   'date': 'Thu, 31 Aug 2017 03:23:41 GMT',
   'server': 'AmazonS3',
   'transfer-encoding': 'chunked',
   'x-amz-id-2': '+hG9XqSgYNA8Q0OZUIGYJ3bvd0M0AcuRpVyQ/jDuGlfir2TLCeK7VcIwQ4ZbKPRWcNpYOaMLkTo=',
   'x-amz-request-id': 'E505E6A29051B975'},
  'HTTPStatusCode': 200,
  'HostId': '+hG9XqSgYNA8Q0OZUIGYJ3bvd0M0AcuRpVyQ/jDuGlfir2TLCeK7VcIwQ4ZbKPRWcNpYOaMLk

In [38]:
# modify object properties
copy_source = {
    'Bucket': 'leiyang.test',
    'Key': 'folder-test/IEEE_biography_samples.doc'
}

clt.copy(
  copy_source, 'leiyang.test', 'folder-test/IEEE_biography_samples.doc',
  ExtraArgs = {
    'StorageClass':'REDUCED_REDUNDANCY',
    'ServerSideEncryption':'AES256',
    'MetadataDirective':'COPY'
  }
)

In [3]:
# modify object tagging
clt.put_object_tagging(Bucket='leiyang.test', Key='w4.pdf', 
                        Tagging={'TagSet':[{'Key':'new_key','Value':'boto'},{'Key':'from','Value':'python'}]})

{'ResponseMetadata': {'HTTPHeaders': {'content-length': '0',
   'date': 'Sat, 02 Sep 2017 03:16:39 GMT',
   'server': 'AmazonS3',
   'x-amz-id-2': '4J2tUOO82ENxF5wzDtmxdBTmbf6eBkPWlha4yZ94b+iSmnRiJyBurap2ghU4GJGLUME0oBbyVQA=',
   'x-amz-request-id': 'F11DC1E104BB128E'},
  'HTTPStatusCode': 200,
  'HostId': '4J2tUOO82ENxF5wzDtmxdBTmbf6eBkPWlha4yZ94b+iSmnRiJyBurap2ghU4GJGLUME0oBbyVQA=',
  'RequestId': 'F11DC1E104BB128E',
  'RetryAttempts': 1}}

In [4]:
# verify new tags
clt.get_object_tagging(Bucket='leiyang.test', Key='w4.pdf')

{'ResponseMetadata': {'HTTPHeaders': {'date': 'Sat, 02 Sep 2017 03:17:44 GMT',
   'server': 'AmazonS3',
   'transfer-encoding': 'chunked',
   'x-amz-id-2': 'oPR208P9SrGFtMJHT9dEB834uU0IuTV5WP/CJIi6JXCTxP3MEO2K4mH/vAtoCUlsTt6lOwvu7bg=',
   'x-amz-request-id': 'DDE4F67634FDC46B'},
  'HTTPStatusCode': 200,
  'HostId': 'oPR208P9SrGFtMJHT9dEB834uU0IuTV5WP/CJIi6JXCTxP3MEO2K4mH/vAtoCUlsTt6lOwvu7bg=',
  'RequestId': 'DDE4F67634FDC46B',
  'RetryAttempts': 0},
 u'TagSet': [{u'Key': 'new_key', u'Value': 'boto'},
  {u'Key': 'from', u'Value': 'python'}]}

In [75]:
# get bucket ACL
clt.get_bucket_acl(Bucket='leiyang.test')

{u'Grants': [{u'Grantee': {u'DisplayName': 'leiyang',
    u'ID': 'ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08',
    u'Type': 'CanonicalUser'},
   u'Permission': 'FULL_CONTROL'}],
 u'Owner': {u'DisplayName': 'leiyang',
  u'ID': 'ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08'},
 'ResponseMetadata': {'HTTPHeaders': {'content-type': 'application/xml',
   'date': 'Thu, 31 Aug 2017 19:29:16 GMT',
   'server': 'AmazonS3',
   'transfer-encoding': 'chunked',
   'x-amz-id-2': 'NP9gpWLKpidviKxpMAWk/uYk3qzCVWFoLQy/KcssnYuYubmWPbB2kMwAeRYmqDh0XUPQS4rjHWc=',
   'x-amz-request-id': '63429F2F6D17BD83'},
  'HTTPStatusCode': 200,
  'HostId': 'NP9gpWLKpidviKxpMAWk/uYk3qzCVWFoLQy/KcssnYuYubmWPbB2kMwAeRYmqDh0XUPQS4rjHWc=',
  'RequestId': '63429F2F6D17BD83',
  'RetryAttempts': 0}}

In [5]:
# get bucket policy
clt.get_bucket_policy(Bucket='leiyang.test')

{u'Policy': u'{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::leiyang.test/*","Condition":{"StringEquals":{"s3:ExistingObjectTag/nikola":"tesla"}}},{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::leiyang.test/*","Condition":{"StringEquals":{"s3:ExistingObjectTag/type":".doc"}}},{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:ListBucket","Resource":"arn:aws:s3:::leiyang.test","Condition":{"StringEquals":{"s3:prefix":"folder-test"}}},{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:ListBucket","Resource":"arn:aws:s3:::leiyang.test","Condition":{"StringNotEquals":{"s3:prefix":"folder-test"}}}]}',
 'ResponseMetadata': {'HTTPHeaders': {'content-length': '867',
   'content-type': 'application/json',
   'date': 'Sa

In [315]:
# set/modify bucket policy

# below policy: 
    # - allow user s3_test to only get objects with at least one of the specified tag key-value
    # - allow user s3_test to only see objects from folder called "folder-test"
policy = { 
  "Version": "2012-10-17", 
  "Statement": [ 
      # user s3_test can get object with tag key-value as nikola-tesla
    { 
      "Effect": "Allow", 
      "Action": ["s3:GetObject" ],
      "Resource": ["arn:aws:s3:::leiyang.test/*"],
      "Principal": {"AWS":"arn:aws:iam::149687825236:user/s3_test"},
      "Condition": {         
        "StringEquals": {"s3:ExistingObjectTag/nikola": "tesla"}
      }    
    },
      # user s3_test can get object with tag key-value as type-.doc
    { 
      "Effect": "Allow", 
      "Action": ["s3:GetObject" ],
      "Resource": ["arn:aws:s3:::leiyang.test/*"],
      "Principal": {"AWS":"arn:aws:iam::149687825236:user/s3_test"},
      "Condition": {         
        "StringEquals": {"s3:ExistingObjectTag/type": ".doc"}
      }    
    },
      # user s3_test can see objects from folder-test
     {        
         "Effect":"Allow",
         "Action":["s3:ListBucket"],
         "Resource":["arn:aws:s3:::leiyang.test"],
         "Principal": {"AWS":"arn:aws:iam::149687825236:user/s3_test"},
         "Condition" : {
             "StringEquals" : {"s3:prefix": "folder-test"}
          } 
       },
      # user s3_test cannot see object not in folder-test,
      # this explicit deny is necessary to avoid possible policy loophole from other ACL/object policy
      {        
         "Effect":"Deny",
         "Action":["s3:ListBucket"],
         "Resource":["arn:aws:s3:::leiyang.test"],
         "Principal": {"AWS":"arn:aws:iam::149687825236:user/s3_test"},
         "Condition" : {
             "StringNotEquals" : {"s3:prefix": "folder-test" }
          } 
       }      
  ]
}
clt.put_bucket_policy(Bucket='leiyang.test', Policy=json.dumps(policy))

In [16]:
# get another client with s3_test credential, to verify the policy
clnt2 = boto3.client('s3', aws_access_key_id='foo', 
                     aws_secret_access_key='bar')

In [18]:
# unable to see all objects in the bucket
clnt2.list_objects(Bucket='leiyang.test')

ClientError: An error occurred (AccessDenied) when calling the ListObjects operation: Access Denied

In [20]:
# only see object with prefix 'folder-test' in the key 
clnt2.list_objects(Bucket='leiyang.test', Prefix='folder-test')

{'Contents': [{'ETag': '"d41d8cd98f00b204e9800998ecf8427e"',
   'Key': 'folder-test/',
   'LastModified': datetime.datetime(2017, 7, 26, 19, 25, 52, tzinfo=tzutc()),
   'Size': 0,
   'StorageClass': 'STANDARD'},
  {'ETag': '"b3ffa3bea5d9d5c6d7f1235edd962b88"',
   'Key': 'folder-test/IEEE_biography_samples.doc',
   'LastModified': datetime.datetime(2017, 8, 31, 3, 49, 59, tzinfo=tzutc()),
   'Size': 50176,
   'StorageClass': 'REDUCED_REDUNDANCY'}],
 'EncodingType': 'url',
 'IsTruncated': False,
 'Marker': '',
 'MaxKeys': 1000,
 'Name': 'leiyang.test',
 'Prefix': 'folder-test',
 'ResponseMetadata': {'HTTPHeaders': {'content-type': 'application/xml',
   'date': 'Sat, 02 Sep 2017 06:12:53 GMT',
   'server': 'AmazonS3',
   'transfer-encoding': 'chunked',
   'x-amz-bucket-region': 'us-west-1',
   'x-amz-id-2': 'avCeqw+78Id1dFFscwtq2h1JDjEj/pslV3TBksACitRyT7e4SKiftmfe1HpWMqTQbJNWDS/vDn4=',
   'x-amz-request-id': '3171442E527B3262'},
  'HTTPStatusCode': 200,
  'HostId': 'avCeqw+78Id1dFFscwtq2h

In [21]:
# can get object with prefix
clnt2.get_object(Bucket='leiyang.test', Key='folder-test/IEEE_biography_samples.doc')

{'AcceptRanges': 'bytes',
 'Body': <botocore.response.StreamingBody at 0x105ee77b8>,
 'ContentLanguage': 'english',
 'ContentLength': 50176,
 'ContentType': 'application/msword',
 'ETag': '"b3ffa3bea5d9d5c6d7f1235edd962b88"',
 'LastModified': datetime.datetime(2017, 8, 31, 3, 49, 59, tzinfo=tzutc()),
 'Metadata': {'loc': 'RNO'},
 'ResponseMetadata': {'HTTPHeaders': {'accept-ranges': 'bytes',
   'content-language': 'english',
   'content-length': '50176',
   'content-type': 'application/msword',
   'date': 'Sat, 02 Sep 2017 06:13:50 GMT',
   'etag': '"b3ffa3bea5d9d5c6d7f1235edd962b88"',
   'last-modified': 'Thu, 31 Aug 2017 03:49:59 GMT',
   'server': 'AmazonS3',
   'x-amz-id-2': 'A9RTURn9bccO9TIAxfCP0yfCpJWa9Cy2OFXMUFwNwsEIWKCyx/lCPvFYl8eV8sSyiHyfkvRk9aE=',
   'x-amz-meta-loc': 'RNO',
   'x-amz-request-id': 'E083751B7B150E24',
   'x-amz-server-side-encryption': 'AES256',
   'x-amz-storage-class': 'REDUCED_REDUNDANCY'},
  'HTTPStatusCode': 200,
  'HostId': 'A9RTURn9bccO9TIAxfCP0yfCpJWa9

In [22]:
# cannot get object without specified prefix
clnt2.get_object(Bucket='leiyang.test', Key='w4.pdf')

ClientError: An error occurred (AccessDenied) when calling the GetObject operation: Access Denied

In [250]:
# can download file if GetObject is allowed
clnt2.download_file('leiyang.test', 'folder-test/IEEE_biography_samples.doc', 'download_test2.doc')

# AWS S3 REST API Examples
- needs to provide proper signature of the request with hashed access_key

In [29]:
# an example to get bucket/object property with organic REST API call
# the access key is from an IAM user with full control of S3

import sys, os, base64, datetime, hashlib, hmac, requests

def sign(key, msg):
    return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest()

def getSignatureKey(key, dateStamp, regionName, serviceName):
    kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp)
    kRegion = sign(kDate, regionName)
    kService = sign(kRegion, serviceName)
    kSigning = sign(kService, 'aws4_request')
    return kSigning

def get_bucket_stuff(bucket, stuff, obj='/', region='us-west-1'):
    access_key = os.environ.get('AWS_ACCESS_KEY_ID')
    secret_key = os.environ.get('AWS_SECRET_ACCESS_KEY')
    # create a date for headers and the credential string
    t = datetime.datetime.utcnow()
    amzdate = t.strftime('%Y%m%dT%H%M%SZ')
    datestamp = t.strftime('%Y%m%d') 
    # define request
    uri = obj + '?' + stuff
    canonical_headers = 'host:' + bucket + '.s3.amazonaws.com\n' + 'x-amz-date:' + amzdate + '\n'    
    signed_headers = 'host;x-amz-date'
    canonical_request = 'GET\n' + obj + '\n' + stuff + '=\n' + canonical_headers + '\n' + signed_headers + '\nUNSIGNED-PAYLOAD'
    # create signature for the request
    algorithm = 'AWS4-HMAC-SHA256'
    credential_scope = datestamp + '/' + region + '/s3/aws4_request'
    string_to_sign = algorithm + '\n' +  amzdate + '\n' +  credential_scope + '\n' +  hashlib.sha256(canonical_request.encode('utf-8')).hexdigest()
    signing_key = getSignatureKey(secret_key, datestamp, region, 's3')
    signature = hmac.new(signing_key, (string_to_sign).encode('utf-8'), hashlib.sha256).hexdigest()
    # define headers
    authorization_header = algorithm + ' Credential=' + access_key + '/' + credential_scope + ', SignedHeaders=' + signed_headers + ', Signature=' + signature
    headers = {'x-amz-date':amzdate, 'Authorization':authorization_header, 'x-amz-content-sha256':'UNSIGNED-PAYLOAD'}
    # send request and get results
    request_url = 'http://' + bucket + '.s3.amazonaws.com' + uri    
    return requests.get(request_url, headers=headers).text

In [30]:
# get tags for object
print(get_bucket_stuff('leiyang.test', 'tagging', obj='/w4.pdf'))

<?xml version="1.0" encoding="UTF-8"?>
<Tagging xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><TagSet><Tag><Key>new_key</Key><Value>boto</Value></Tag><Tag><Key>from</Key><Value>python</Value></Tag></TagSet></Tagging>


In [31]:
# verify with boto3 return
clt.get_object_tagging(Bucket='leiyang.test', Key='w4.pdf')['TagSet']

[{'Key': 'new_key', 'Value': 'boto'}, {'Key': 'from', 'Value': 'python'}]

In [32]:
# get bucket policy
get_bucket_stuff('leiyang.test', 'policy')

'{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::leiyang.test/*","Condition":{"StringEquals":{"s3:ExistingObjectTag/nikola":"tesla"}}},{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::leiyang.test/*","Condition":{"StringEquals":{"s3:ExistingObjectTag/type":".doc"}}},{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:ListBucket","Resource":"arn:aws:s3:::leiyang.test","Condition":{"StringEquals":{"s3:prefix":"folder-test"}}},{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:ListBucket","Resource":"arn:aws:s3:::leiyang.test","Condition":{"StringNotEquals":{"s3:prefix":"folder-test"}}}]}'

In [34]:
# verify with boto3 return
clt.get_bucket_policy(Bucket='leiyang.test')['Policy']

'{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::leiyang.test/*","Condition":{"StringEquals":{"s3:ExistingObjectTag/nikola":"tesla"}}},{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:GetObject","Resource":"arn:aws:s3:::leiyang.test/*","Condition":{"StringEquals":{"s3:ExistingObjectTag/type":".doc"}}},{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:ListBucket","Resource":"arn:aws:s3:::leiyang.test","Condition":{"StringEquals":{"s3:prefix":"folder-test"}}},{"Effect":"Deny","Principal":{"AWS":"arn:aws:iam::149687825236:user/s3_test"},"Action":"s3:ListBucket","Resource":"arn:aws:s3:::leiyang.test","Condition":{"StringNotEquals":{"s3:prefix":"folder-test"}}}]}'

In [40]:
# list bucket content
print(get_bucket_stuff('leiyang.test', 'action'))

<?xml version="1.0" encoding="UTF-8"?>
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Name>leiyang.test</Name><Prefix></Prefix><Marker></Marker><MaxKeys>1000</MaxKeys><IsTruncated>false</IsTruncated><Contents><Key>folder-test/</Key><LastModified>2017-07-26T19:25:52.000Z</LastModified><ETag>&quot;d41d8cd98f00b204e9800998ecf8427e&quot;</ETag><Size>0</Size><Owner><ID>ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08</ID><DisplayName>leiyang</DisplayName></Owner><StorageClass>STANDARD</StorageClass></Contents><Contents><Key>folder-test/IEEE_biography_samples.doc</Key><LastModified>2017-08-31T03:49:59.000Z</LastModified><ETag>&quot;b3ffa3bea5d9d5c6d7f1235edd962b88&quot;</ETag><Size>50176</Size><Owner><ID>ab78662b0559711595af8a2213fec4b6b564ee21f63bff1393dd2ce2fa8c7d08</ID><DisplayName>leiyang</DisplayName></Owner><StorageClass>REDUCED_REDUNDANCY</StorageClass></Contents><Contents><Key>w4.pdf</Key><LastModified>2017-07-26T19:28:05.000Z</LastModified><ETag>&