AWS ec2 uses IAM Role to manage S3 files

2025-03-29 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/02 Report--

An AWS EC2 instance can read content from other services by using an Access key ID and Secret access key, or by being associated with an IAM Role. Both configurations are described below.

1. By configuring Access key ID on EC2 (AWSCLI)

    apt-get install python3 -y       # install python3
    pip3 install --upgrade awscli    # install the aws command line tool
    aws configure                    # enter the following information
    AWS Access Key ID [None]:
    AWS Secret Access Key [None]:
    Default region name [None]:
    Default output format [None]: json

2. How to configure IAM Role

Go to the IAM configuration interface and create a policy

Enter the role configuration interface and associate the created policy

Attach the created role to the EC2 instance

To verify the above configuration, first disassociate the IAM role, then SSH to the EC2 instance and verify:

    aws s3 ls --region cn-north-1 s3://package/    # normal if it can display the files in the bucket
    rm -rf ~/.aws                                  # delete the aws configure configuration files

Reassociate the IAM role, then SSH to the EC2 instance and verify again:

    aws s3 ls --region cn-north-1 s3://package/    # normal if the output matches the previous listing

The tests above show that the EC2 instance can use the current policy to read the contents of S3, but cannot upload files to S3. After consulting AWS technical support, it turned out that the policy granted no permissions on the objects in the bucket, which caused the upload to fail. To fix this, add write permission on the objects to the policy:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor2",
          "Effect": "Allow",
          "Action": ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:HeadBucket"],
          "Resource": "arn:aws-cn:s3:::*"
        },
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": "arn:aws-cn:s3:::package/*"
        }
      ]
    }

The first statement lists all bucket information. In the second statement, s3:* indicates all S3 operations, and package/* represents all object files under the package bucket.
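The following is an added example, not part of the original article: a simplified policy evaluator (Allow statements only, no Deny or Condition handling) that shows why a policy with only the list statement permits `aws s3 ls` but not uploads, and what the second statement changes. The list-only "before" policy, the object key `app.tar.gz`, and the narrower `s3:GetObject`/`s3:PutObject` variant are assumptions constructed for illustration.

```python
import re

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def is_allowed(policy, action, resource):
    """Simplified evaluation: Allow statements only (no Deny, Condition, NotAction)."""
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if (any(_match(a, action, ignore_case=True) for a in _as_list(st["Action"]))
                and any(_match(r, resource) for r in _as_list(st["Resource"]))):
            return True
    return False  # nothing matched: implicit deny

# The two statements from the article's policy.
LIST_STMT = {"Sid": "VisualEditor2", "Effect": "Allow",
             "Action": ["s3:ListAllMyBuckets", "s3:ListBucket", "s3:HeadBucket"],
             "Resource": "arn:aws-cn:s3:::*"}
OBJECT_STMT = {"Sid": "VisualEditor1", "Effect": "Allow",
               "Action": "s3:*", "Resource": "arn:aws-cn:s3:::package/*"}
# Constructed alternative (assumption, not from the article): grant only the
# object actions needed for download and upload instead of s3:*.
SCOPED_STMT = dict(OBJECT_STMT, Action=["s3:GetObject", "s3:PutObject"])

def policy(*stmts):
    return {"Version": "2012-10-17", "Statement": list(stmts)}

BUCKET = "arn:aws-cn:s3:::package"              # bucket ARN (ListBucket target)
OBJECT = "arn:aws-cn:s3:::package/app.tar.gz"   # constructed object key

def report():
    cases = {"list-only": policy(LIST_STMT),               # assumed "before" policy
             "article": policy(LIST_STMT, OBJECT_STMT),    # policy shown above
             "scoped": policy(LIST_STMT, SCOPED_STMT)}     # narrower variant
    reqs = [("s3:ListBucket", BUCKET), ("s3:PutObject", OBJECT), ("s3:DeleteObject", OBJECT)]
    return {name: [is_allowed(p, a, r) for a, r in reqs] for name, p in cases.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)  # columns: ListBucket, PutObject, DeleteObject
```

With `s3:*` on `package/*` the instance role can also delete objects; the scoped variant keeps uploads working while leaving delete implicitly denied.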
