Fetching ElastiCache Tags


I am trying to fetch ElastiCache tags using Boto3 and Python. In boto3, there is a function called list_tags_for_resource(). But the problem I am facing is how to find the resource name. I am using the following code:

from boto3.session import Session

sess = Session(aws_access_key_id=id,aws_secret_access_key=key)
conn = sess.client(service_name='elasticache', region_name='us-east-1')
arn="arn:aws:elasticache:us-east-1:123456:cluster:name_of_cluster"
print conn.list_tags_for_resource(ResourceName=name)

This is giving the following error:

botocore.exceptions.ClientError: An error occurred (InvalidParameterValue) when calling the ListTagsForResource operation: Unauthorized call. Please check the region or customer id

There are 2 answers

0
AlexMeng On

If you are using the ReadOnlyAccess managed policy, you will not be able to list tags for elasticache. Ensure that your user has elasticache:ListTagsForResource explicitly set in their policy. Amazon does not currently include that permission in their ReadOnlyAccess policy. A policy that allows viewing elasticache tags would look like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticache:ListTagsForResource"
            ],
            "Resource": "*"
        }
    ]
}

I believe this should be part of the ReadOnlyAccess policy, and opened a ticket with Amazon. This was their response:

You raise a valid point regarding "elasticache:ListTagsForResource" not being included in the AWS supplied "ReadOnlyAccess" managed policy. We can't very well call it read only when it doesn't allow someone to list tags on a named resource in my opinion. Therefore, I have opened an internal ticket with the team who controls these managed policies; requesting that the API "elasticache:ListTagsForResource" be added to "ReadOnlyAccess".

0
NoOneYouKnow On

Well, the script posted has some problems. You're passing the variable 'name', which isn't defined. I think you mean arn. Maybe there are other ways to do it, but I define region_name in the session rather than the client. Try something like this out.

import boto3

# id and key are the credential placeholders from the question
session = boto3.Session(region_name='us-east-1',aws_access_key_id=id,aws_secret_access_key=key)
client = session.client("elasticache")
arn = "arn:aws:elasticache:us-east-1:1234567889:cluster:rand57hzn577a78-0001-001"
# Pass the ARN itself as ResourceName
client.list_tags_for_resource(ResourceName=arn)
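
An added example, not part of either answer: a pre-flight check for the two things the error message names (region and customer id) before calling ListTagsForResource. The function names, the sample ARNs and the assumption that the cluster lives in the caller's own account are mine; credentials come from boto3's default credential chain rather than keys in the script.

```python
import re

# arn:<partition>:elasticache:<region>:<account-id>:<resource-type>:<name>
ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):elasticache:(?P<region>[^:]*):"
    r"(?P<account>[^:]*):(?P<rtype>[^:]+):(?P<name>.+)$"
)

def check_elasticache_arn(arn, client_region, caller_account=None):
    """Return a list of problems found in the ARN; an empty list means none."""
    m = ARN_RE.match(arn)
    if m is None:
        return ["not an ElastiCache ARN: %r" % arn]
    problems = []
    if m.group("region") != client_region:
        problems.append("ARN region %r != client region %r"
                        % (m.group("region"), client_region))
    account = m.group("account")
    if not re.fullmatch(r"[0-9]{12}", account):
        # AWS account ids are always 12 digits
        problems.append("account id %r is not 12 digits" % account)
    elif caller_account is not None and account != caller_account:
        # Assumption: the cluster belongs to the account making the call
        problems.append("ARN account %s != caller account %s"
                        % (account, caller_account))
    return problems

def list_cluster_tags(arn, region):
    """Validate the ARN against the caller's identity, then fetch its tags."""
    import boto3  # imported here so the checker above works without boto3
    session = boto3.Session(region_name=region)  # default credential chain
    caller = session.client("sts").get_caller_identity()["Account"]
    problems = check_elasticache_arn(arn, region, caller)
    if problems:
        raise ValueError("; ".join(problems))
    client = session.client("elasticache")
    # The caller still needs elasticache:ListTagsForResource in its IAM policy
    return client.list_tags_for_resource(ResourceName=arn)["TagList"]

if __name__ == "__main__":
    # Constructed sample ARNs; the account ids are placeholders.
    for sample in ("arn:aws:elasticache:us-east-1:123456789012:cluster:my-cluster",
                   "arn:aws:elasticache:us-west-2:123456:cluster:my-cluster"):
        print(sample, "->", check_elasticache_arn(sample, "us-east-1") or "ok")
```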