AWS - EC2 - IAM Role | YONGFEIUALL

Post author: 唐胡璐
Post link: <a href="http://izheyi.com/2018/04/19/AWS-EC2-IAM-Role/" title="AWS - EC2 - IAM Role">http://izheyi.com/2018/04/19/AWS-EC2-IAM-Role/
Copyright Notice: All articles in this blog are licensed under <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/" rel="external nofollow" target="_blank">CC BY-NC-SA 4.0 unless stating additionally.

可以使用 Amazon EC2 和 AWS Identity and Access Management (IAM) 的功能，在不共享您的安全凭证情况下允许其他用户、服务和应用程序使用您的 Amazon EC2 资源。

我们拿EC2和S3来做个例子，SSH到新创建的Instance，

1 2	[ec2-user@ip-172-31-43-33 ~]$ aws s3 ls Unable to locate credentials. You can configure credentials by running "aws configure".

必须要Configure，建立Credential之后才能执行该Command。

我们用IAM Role的方式来处理：

在IAM新建一个Role，对该EC2授予AmazonS3FullAccess权限。
把这个Role Attach到EC2上。

执行同一Command。

[ec2-user@ip-172-31-43-33 ~]$ aws s3 ls
Unable to locate credentials. You can configure credentials by running "aws configure".
[ec2-user@ip-172-31-43-33 ~]$ aws s3 ls
2018-04-13 05:57:09 yongfeiuall
2018-04-14 02:43:42 yongfeiuall.cloudfront
2018-04-13 23:52:51 yongfeiuall.lifecycle
2018-04-14 00:24:46 yongfeiuall.staticwebsite
2018-04-13 22:17:33 yongfeiuall.sydney