本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 附加项目策略 (SDK)
通过调用该操作,您可以将项目策略附加到 Amazon Rekognition 自定义标签项目。[PutProjectpolicy](https://docs.aws.amazon.com/rekognition/latest/APIReference/API_PutProjectPolicy)
附加多个项目策略到一个项目时,请对要添加的每个项目策略调用 `PutProjectPolicy`。最多可以附加五个项目策略到一个项目。如果需要附加更多项目策略,可以请求提高[限制](limits.md)。
首次附加唯一的项目策略到项目时,请不要在 `PolicyRevisionId` 输入参数中指定修订版 ID。`PutProjectPolicy` 的响应是 Amazon Rekognition Custom Labels 为您创建的项目策略的修订版 ID。您可以使用该修订版 ID 来更新或删除项目策略的最新修订版。Amazon Rekognition Custom Labels 仅保留项目策略的最新修订版。如果尝试更新或删除项目策略的上一个修订版,会发生 `InvalidPolicyRevisionIdException` 错误。
要更新现有项目策略,请在 `PolicyRevisionId` 输入参数中指定项目策略的修订版 ID。您可以通过调用 IDs 获取项目中项目策略的修订版[ListProjectPolicies](https://docs.aws.amazon.com/rekognition/latest/APIReference/API_ListProjectPolicies)。
附加项目策略到源项目后,就可以将模型从源项目复制到目标项目。有关更多信息,请参阅 [复制模型 (SDK)](md-copy-model-sdk.md)。
要从项目中移除项目政策,请致电[DeleteProjectPolicy](https://docs.aws.amazon.com/rekognition/latest/APIReference/API_DeleteProjectPolicy)。要获取附加到项目的项目政策列表,请致电[ListProjectPolicies](https://docs.aws.amazon.com/rekognition/latest/APIReference/API_ListProjectPolicies)。
**附加项目策略到项目 (SDK)**
1. 如果您尚未这样做,请安装并配置 AWS CLI 和 AWS SDKs。有关更多信息,请参阅 [第 4 步:设置 AWS CLI and AWS 软件开发工具包](su-awscli-sdk.md)。
1. [创建项目策略文档](md-create-project-policy-document.md)。
1. 使用以下代码将项目策略附加到包含要复制的模型版本的信任 AWS 账户中的项目。要获取项目 ARN,请致电。[DescribeProjects](https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/md-describing-project-sdk.html)要获取模型版本 ARN,请致电。[DescribeProjectVersions](https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/md-describing-model-sdk.html)
------
#### [ AWS CLI ]
更改以下值:
+ `project-arn`发送到包含您要复制的模型版本的信任 AWS 账户中源项目的 ARN。
+ 将 `policy-name` 更改为您选择的策略名称。
+ 将 `principal` 更改为要允许或拒绝其对您在 `Model version ARN` 中指定的模型版本进行访问的主体。
+ 将 `project-version-arn` 更改为要复制的模型版本的 ARN。
如果要更新现有项目策略,请指定 `policy-revision-id` 参数并提供所需项目策略的修订版 ID。
```
aws rekognition put-project-policy \
--project-arn {{project-arn}} \
--policy-name {{policy-name}} \
--policy-document '{ "Version": "2012-10-17", "Statement":[{ "Effect":"{{ALLOW or DENY}}", "Principal":{ "AWS":"{{principal}}" }, "Action":"rekognition:CopyProjectVersion", "Resource":"{{project-version-arn}}" }]}' \
--profile custom-labels-access
```
------
#### [ Python ]
使用以下代码。提供以下命令行参数:
+ `project_arn`:要将项目策略附加到的源项目的 ARN。
+ `policy_name`:您选择的策略名称。
+ `project_policy`:包含项目策略文档的文件。
+ `policy_revision_id` –(可选)。如果要更新项目策略的现有修订版,请指定项目策略的修订版 ID。
```
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
"""
Purpose
Amazon Rekognition Custom Labels model example used in the service documentation:
https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/md-copy-model-sdk.html
Shows how to attach a project policy to an Amazon Rekognition Custom Labels project.
"""
import boto3
import argparse
import logging
import json
from botocore.exceptions import ClientError
logger = logging.getLogger(__name__)
def put_project_policy(rek_client, project_arn, policy_name, policy_document_file, policy_revision_id=None):
"""
Attaches a project policy to an Amazon Rekognition Custom Labels project.
:param rek_client: The Amazon Rekognition Custom Labels Boto3 client.
:param policy_name: A name for the project policy.
:param project_arn: The Amazon Resource Name (ARN) of the source project
that you want to attach the project policy to.
:param policy_document_file: The JSON project policy document to
attach to the source project.
:param policy_revision_id: (Optional) The revision of an existing policy to update.
Pass None to attach new policy.
:return The revision ID for the project policy.
"""
try:
policy_document_json = ""
response = None
with open(policy_document_file, 'r') as policy_document:
policy_document_json = json.dumps(json.load(policy_document))
logger.info(
"Attaching %s project_policy to project %s.",
policy_name, project_arn)
if policy_revision_id is None:
response = rek_client.put_project_policy(ProjectArn=project_arn,
PolicyName=policy_name,
PolicyDocument=policy_document_json)
else:
response = rek_client.put_project_policy(ProjectArn=project_arn,
PolicyName=policy_name,
PolicyDocument=policy_document_json,
PolicyRevisionId=policy_revision_id)
new_revision_id = response['PolicyRevisionId']
logger.info(
"Finished creating project policy %s. Revision ID: %s",
policy_name, new_revision_id)
return new_revision_id
except ClientError as err:
logger.exception(
"Couldn't attach %s project policy to project %s: %s }",
policy_name, project_arn, err.response['Error']['Message'] )
raise
def add_arguments(parser):
"""
Adds command line arguments to the parser.
:param parser: The command line parser.
"""
parser.add_argument(
"project_arn", help="The Amazon Resource Name (ARN) of the project "
"that you want to attach the project policy to."
)
parser.add_argument(
"policy_name", help="A name for the project policy."
)
parser.add_argument(
"project_policy", help="The file containing the project policy JSON"
)
parser.add_argument(
"--policy_revision_id", help="The revision of an existing policy to update. "
"If you don't supply a value, a new project policy is created.",
required=False
)
def main():
logging.basicConfig(level=logging.INFO,
format="%(levelname)s: %(message)s")
try:
# get command line arguments
parser = argparse.ArgumentParser(usage=argparse.SUPPRESS)
add_arguments(parser)
args = parser.parse_args()
print(f"Attaching policy to {args.project_arn}")
session = boto3.Session(profile_name='custom-labels-access')
rekognition_client = session.client("rekognition")
# Attach a new policy or update an existing policy.
response = put_project_policy(rekognition_client,
args.project_arn,
args.policy_name,
args.project_policy,
args.policy_revision_id)
print(
f"project policy {args.policy_name} attached to project {args.project_arn}")
print(f"Revision ID: {response}")
except ClientError as err:
print("Problem attaching project policy: %s", err)
if __name__ == "__main__":
main()
```
------
#### [ Java V2 ]
使用以下代码。提供以下命令行参数:
+ `project_arn`:要将项目策略附加到的源项目的 ARN。
+ `project_policy_name`:您选择的策略名称。
+ `project_policy_document`:包含项目策略文档的文件。
+ `project_policy_revision_id` –(可选)。如果要更新项目策略的现有修订版,请指定项目策略的修订版 ID。
```
/*
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package com.example.rekognition;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.Level;
import java.util.logging.Logger;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.rekognition.RekognitionClient;
import software.amazon.awssdk.services.rekognition.model.PutProjectPolicyRequest;
import software.amazon.awssdk.services.rekognition.model.RekognitionException;
public class PutProjectPolicy {
public static final Logger logger = Logger.getLogger(PutProjectPolicy.class.getName());
public static void putMyProjectPolicy(RekognitionClient rekClient, String projectArn, String projectPolicyName,
String projectPolicyFileName, String projectPolicyRevisionId) throws IOException {
try {
Path filePath = Path.of(projectPolicyFileName);
String policyDocument = Files.readString(filePath);
String[] logArguments = new String[] { projectPolicyFileName, projectPolicyName };
PutProjectPolicyRequest putProjectPolicyRequest = null;
logger.log(Level.INFO, "Attaching Project policy: {0} to project: {1}", logArguments);
// Attach the project policy.
if (projectPolicyRevisionId == null) {
putProjectPolicyRequest = PutProjectPolicyRequest.builder().projectArn(projectArn)
.policyName(projectPolicyName).policyDocument(policyDocument).build();
} else {
putProjectPolicyRequest = PutProjectPolicyRequest.builder().projectArn(projectArn)
.policyName(projectPolicyName).policyRevisionId(projectPolicyRevisionId)
.policyDocument(policyDocument)
.build();
}
rekClient.putProjectPolicy(putProjectPolicyRequest);
logger.log(Level.INFO, "Attached Project policy: {0} to project: {1}", logArguments);
} catch (
RekognitionException e) {
logger.log(Level.SEVERE, "Client error occurred: {0}", e.getMessage());
throw e;
}
}
public static void main(String args[]) {
final String USAGE = "\n" + "Usage: "
+ " \n\n" + "Where:\n"
+ " project_arn - The ARN of the project that you want to attach the project policy to.\n\n"
+ " project_policy_name - A name for the project policy.\n\n"
+ " project_policy_document - The file name of the project policy.\n\n"
+ " project_policy_revision_id - (Optional) The revision ID of the project policy that you want to update.\n\n";
if (args.length < 3 || args.length > 4) {
System.out.println(USAGE);
System.exit(1);
}
String projectArn = args[0];
String projectPolicyName = args[1];
String projectPolicyDocument = args[2];
String projectPolicyRevisionId = null;
if (args.length == 4) {
projectPolicyRevisionId = args[3];
}
try {
RekognitionClient rekClient = RekognitionClient.builder()
.credentialsProvider(ProfileCredentialsProvider.create("custom-labels-access"))
.region(Region.US_WEST_2)
.build();
// Attach the project policy.
putMyProjectPolicy(rekClient, projectArn, projectPolicyName, projectPolicyDocument,
projectPolicyRevisionId);
System.out.println(
String.format("project policy %s: attached to project: %s", projectPolicyName, projectArn));
rekClient.close();
} catch (RekognitionException rekError) {
logger.log(Level.SEVERE, "Rekognition client error: {0}", rekError.getMessage());
System.exit(1);
}
catch (IOException intError) {
logger.log(Level.SEVERE, "Exception while reading policy document: {0}", intError.getMessage());
System.exit(1);
}
}
}
```
------
1. 按照[复制模型 (SDK)](md-copy-model-sdk.md)中的说明复制模型版本。