70 lines
2.1 KiB
Bash
Executable File
70 lines
2.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ ! -f $1 ]; then
|
|
echo "You must first prepare the manifest, which is a csv with content <bucket>:<key>"
|
|
exit 1
|
|
fi
|
|
|
|
cat <<EOF > trust-policy.json
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Service": "batchoperations.s3.amazonaws.com"
|
|
},
|
|
"Action": "sts:AssumeRole"
|
|
}
|
|
]
|
|
}
|
|
EOF
|
|
|
|
# Create batch restore role
|
|
aws iam create-role \
|
|
--role-name S3BatchRestoreRole \
|
|
--description "S3 batch restore role" \
|
|
--assume-role-policy-document file://trust-policy.json
|
|
|
|
aws iam attach-role-policy \
|
|
--role-name S3BatchRestoreRole \
|
|
--policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
|
|
|
|
# Create manufest bucket and copy manifest over
|
|
MANIFEST_BUCKET="deep-archive-restore-batch-$(uuid)"
|
|
aws s3 mb s3://$MANIFEST_BUCKET
|
|
aws s3 cp $1 s3://$MANIFEST_BUCKET/
|
|
echo "Uploaded manifest to s3://$MANIFEST_BUCKET/objectlist.csv"
|
|
|
|
# Build input json parameters
|
|
etag=$(aws s3api list-objects --bucket $MANIFEST_BUCKET --prefix objectlist.csv | jq -cr .Contents[].ETag | tr -d \")
|
|
|
|
jo -p Spec="$(jo -p Format=S3BatchOperations_CSV_20180820 Fields=$(jo -a Bucket Key))" Location="$(jo -p ObjectArn=arn:aws:s3:::$MANIFEST_BUCKET/objectlist.csv ETag=$etag)" > /tmp/manifest.json
|
|
|
|
jo Bucket=arn:aws:s3:::$MANIFEST_BUCKET Prefix=batch-reports Format=Report_CSV_20180820 Enabled=true ReportScope=AllTasks > /tmp/report.json
|
|
|
|
# Submit batch restore job
|
|
echo "Submit s3 batch job..."
|
|
ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
|
|
jobid=```aws s3control create-job \
|
|
--account-id $ACCOUNT_ID \
|
|
--operation '{"S3InitiateRestoreObject": {"ExpirationInDays": 14, "GlacierJobTier": "STANDARD"}}' \
|
|
--manifest file:///tmp/manifest.json \
|
|
--report file:///tmp/report.json \
|
|
--role-arn arn:aws:iam::$ACCOUNT_ID:role/S3BatchRestoreRole \
|
|
--description "Restore objects from Deep Archive" \
|
|
--priority 10 \
|
|
--region ap-east-1 | jq -cr .JobId```
|
|
|
|
sleep 5
|
|
|
|
# Approve job
|
|
echo "Approve submitted job $jobid..."
|
|
aws s3control update-job-status \
|
|
--account-id $ACCOUNT_ID \
|
|
--job-id $jobid \
|
|
--requested-job-status Ready
|
|
|
|
echo "To delete the manifest bucket:"
|
|
echo "aws s3 rb s3://$MANIFEST_BUCKET --force"
|