本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 連接專案政策 (SDK)
呼叫 [PutProjectpolicy](https://docs.aws.amazon.com/rekognition/latest/APIReference/API_PutProjectPolicy) 操作,即可將專案政策連接至 Amazon Rekognition 自訂標籤專案。
呼叫您要新增的每個專案政策的 `PutProjectPolicy`,即可將多個專案政策連接至專案。您最多可以將五個專案政策連接至專案。如果您需要連接更多專案政策,則可以請求增加[限制](limits.md)。
當您第一次將唯一專案政策連接至專案時,請勿在 `PolicyRevisionId` 輸入參數中指定修訂 ID。`PutProjectPolicy` 的回應是 Amazon Rekognition 自訂標籤為您建立的專案政策修訂 ID。您可以使用修訂 ID 來更新或刪除專案政策的最新修訂版。Amazon Rekognition 自訂標籤只會保留專案政策的最新修訂版。如果您嘗試更新或刪除先前的專案政策修訂,就會收到 `InvalidPolicyRevisionIdException` 錯誤訊息。
若要更新現有的專案政策,請在 `PolicyRevisionId` 輸入參數中指定專案政策的修訂 ID。呼叫 [ListProjectPolicies](https://docs.aws.amazon.com/rekognition/latest/APIReference/API_ListProjectPolicies),即可取得專案中專案政策的修訂 ID。
將專案政策連接至來源專案後,您即可將模型從來源專案複製到目的地專案。如需詳細資訊,請參閱[複製模型 (SDK)](md-copy-model-sdk.md)。
若要從專案中移除專案政策,請呼叫 [DeleteProjectPolicy](https://docs.aws.amazon.com/rekognition/latest/APIReference/API_DeleteProjectPolicy)。若要取得連接至專案的專案政策清單,請呼叫 [ListProjectPolicies](https://docs.aws.amazon.com/rekognition/latest/APIReference/API_ListProjectPolicies)。
**將專案政策連接至專案 (SDK)**
1. 如果您尚未這麼做,請安裝並設定 AWS CLI 和 AWS SDKs。如需詳細資訊,請參閱[步驟 4:設定 AWS CLI 和 AWS SDKs](su-awscli-sdk.md)。
1. [建立專案政策文件](md-create-project-policy-document.md)。
1. 使用下列程式碼將專案政策連接至信任 AWS 帳戶中的專案,其中包含您要複製的模型版本。若要取得專案 ARN,請呼叫 [DescribeProjects](https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/md-describing-project-sdk.html)。若要取得模型版本 ARN,請呼叫 [DescribeProjectVersions](https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/md-describing-model-sdk.html)。
------
#### [ AWS CLI ]
變更下列值:
+ `project-arn` 至信任 AWS 帳戶中來源專案的 ARN,其中包含您要複製的模型版本。
+ `policy-name` 至您選擇的政策名稱。
+ `principal` 至您要允許或拒絕存取在 `Model version ARN` 中指定的模型版本之主體。
+ `project-version-arn` 至要複製的模型版本之 ARN。
如果您要更新現有的專案政策,請指定 `policy-revision-id` 參數並提供所需專案政策的修訂 ID。
```
aws rekognition put-project-policy \
--project-arn {{project-arn}} \
--policy-name {{policy-name}} \
--policy-document '{ "Version": "2012-10-17", "Statement":[{ "Effect":"{{ALLOW or DENY}}", "Principal":{ "AWS":"{{principal}}" }, "Action":"rekognition:CopyProjectVersion", "Resource":"{{project-version-arn}}" }]}' \
--profile custom-labels-access
```
------
#### [ Python ]
使用以下程式碼。請提供以下命令列參數:
+ `project_arn` — 您要連接專案政策的來源專案的 ARN。
+ `policy_name` — 您選擇的政策名稱。
+ `project_policy` — 包含專案政策文件的檔案。
+ `policy_revision_id` — (選用)。如果您要更新現有的專案政策修訂版,請指定專案政策的修訂 ID。
```
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
"""
Purpose
Amazon Rekognition Custom Labels model example used in the service documentation:
https://docs.aws.amazon.com/rekognition/latest/customlabels-dg/md-copy-model-sdk.html
Shows how to attach a project policy to an Amazon Rekognition Custom Labels project.
"""
import boto3
import argparse
import logging
import json
from botocore.exceptions import ClientError
logger = logging.getLogger(__name__)
def put_project_policy(rek_client, project_arn, policy_name, policy_document_file, policy_revision_id=None):
"""
Attaches a project policy to an Amazon Rekognition Custom Labels project.
:param rek_client: The Amazon Rekognition Custom Labels Boto3 client.
:param policy_name: A name for the project policy.
:param project_arn: The Amazon Resource Name (ARN) of the source project
that you want to attach the project policy to.
:param policy_document_file: The JSON project policy document to
attach to the source project.
:param policy_revision_id: (Optional) The revision of an existing policy to update.
Pass None to attach new policy.
:return The revision ID for the project policy.
"""
try:
policy_document_json = ""
response = None
with open(policy_document_file, 'r') as policy_document:
policy_document_json = json.dumps(json.load(policy_document))
logger.info(
"Attaching %s project_policy to project %s.",
policy_name, project_arn)
if policy_revision_id is None:
response = rek_client.put_project_policy(ProjectArn=project_arn,
PolicyName=policy_name,
PolicyDocument=policy_document_json)
else:
response = rek_client.put_project_policy(ProjectArn=project_arn,
PolicyName=policy_name,
PolicyDocument=policy_document_json,
PolicyRevisionId=policy_revision_id)
new_revision_id = response['PolicyRevisionId']
logger.info(
"Finished creating project policy %s. Revision ID: %s",
policy_name, new_revision_id)
return new_revision_id
except ClientError as err:
logger.exception(
"Couldn't attach %s project policy to project %s: %s }",
policy_name, project_arn, err.response['Error']['Message'] )
raise
def add_arguments(parser):
"""
Adds command line arguments to the parser.
:param parser: The command line parser.
"""
parser.add_argument(
"project_arn", help="The Amazon Resource Name (ARN) of the project "
"that you want to attach the project policy to."
)
parser.add_argument(
"policy_name", help="A name for the project policy."
)
parser.add_argument(
"project_policy", help="The file containing the project policy JSON"
)
parser.add_argument(
"--policy_revision_id", help="The revision of an existing policy to update. "
"If you don't supply a value, a new project policy is created.",
required=False
)
def main():
logging.basicConfig(level=logging.INFO,
format="%(levelname)s: %(message)s")
try:
# get command line arguments
parser = argparse.ArgumentParser(usage=argparse.SUPPRESS)
add_arguments(parser)
args = parser.parse_args()
print(f"Attaching policy to {args.project_arn}")
session = boto3.Session(profile_name='custom-labels-access')
rekognition_client = session.client("rekognition")
# Attach a new policy or update an existing policy.
response = put_project_policy(rekognition_client,
args.project_arn,
args.policy_name,
args.project_policy,
args.policy_revision_id)
print(
f"project policy {args.policy_name} attached to project {args.project_arn}")
print(f"Revision ID: {response}")
except ClientError as err:
print("Problem attaching project policy: %s", err)
if __name__ == "__main__":
main()
```
------
#### [ Java V2 ]
使用以下程式碼。請提供以下命令列參數:
+ `project_arn` — 您要連接專案政策的來源專案的 ARN。
+ `project_policy_name` — 您選擇的政策名稱。
+ `project_policy_document` — 包含專案政策文件的檔案。
+ `project_policy_revision_id` — (選用)。如果您要更新現有的專案政策修訂版,請指定專案政策的修訂 ID。
```
/*
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package com.example.rekognition;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.Level;
import java.util.logging.Logger;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.rekognition.RekognitionClient;
import software.amazon.awssdk.services.rekognition.model.PutProjectPolicyRequest;
import software.amazon.awssdk.services.rekognition.model.RekognitionException;
public class PutProjectPolicy {
public static final Logger logger = Logger.getLogger(PutProjectPolicy.class.getName());
public static void putMyProjectPolicy(RekognitionClient rekClient, String projectArn, String projectPolicyName,
String projectPolicyFileName, String projectPolicyRevisionId) throws IOException {
try {
Path filePath = Path.of(projectPolicyFileName);
String policyDocument = Files.readString(filePath);
String[] logArguments = new String[] { projectPolicyFileName, projectPolicyName };
PutProjectPolicyRequest putProjectPolicyRequest = null;
logger.log(Level.INFO, "Attaching Project policy: {0} to project: {1}", logArguments);
// Attach the project policy.
if (projectPolicyRevisionId == null) {
putProjectPolicyRequest = PutProjectPolicyRequest.builder().projectArn(projectArn)
.policyName(projectPolicyName).policyDocument(policyDocument).build();
} else {
putProjectPolicyRequest = PutProjectPolicyRequest.builder().projectArn(projectArn)
.policyName(projectPolicyName).policyRevisionId(projectPolicyRevisionId)
.policyDocument(policyDocument)
.build();
}
rekClient.putProjectPolicy(putProjectPolicyRequest);
logger.log(Level.INFO, "Attached Project policy: {0} to project: {1}", logArguments);
} catch (
RekognitionException e) {
logger.log(Level.SEVERE, "Client error occurred: {0}", e.getMessage());
throw e;
}
}
public static void main(String args[]) {
final String USAGE = "\n" + "Usage: "
+ " \n\n" + "Where:\n"
+ " project_arn - The ARN of the project that you want to attach the project policy to.\n\n"
+ " project_policy_name - A name for the project policy.\n\n"
+ " project_policy_document - The file name of the project policy.\n\n"
+ " project_policy_revision_id - (Optional) The revision ID of the project policy that you want to update.\n\n";
if (args.length < 3 || args.length > 4) {
System.out.println(USAGE);
System.exit(1);
}
String projectArn = args[0];
String projectPolicyName = args[1];
String projectPolicyDocument = args[2];
String projectPolicyRevisionId = null;
if (args.length == 4) {
projectPolicyRevisionId = args[3];
}
try {
RekognitionClient rekClient = RekognitionClient.builder()
.credentialsProvider(ProfileCredentialsProvider.create("custom-labels-access"))
.region(Region.US_WEST_2)
.build();
// Attach the project policy.
putMyProjectPolicy(rekClient, projectArn, projectPolicyName, projectPolicyDocument,
projectPolicyRevisionId);
System.out.println(
String.format("project policy %s: attached to project: %s", projectPolicyName, projectArn));
rekClient.close();
} catch (RekognitionException rekError) {
logger.log(Level.SEVERE, "Rekognition client error: {0}", rekError.getMessage());
System.exit(1);
}
catch (IOException intError) {
logger.log(Level.SEVERE, "Exception while reading policy document: {0}", intError.getMessage());
System.exit(1);
}
}
}
```
------
1. 依照 [複製模型 (SDK)](md-copy-model-sdk.md) 的指示複製模型版本。