AWS CLI使用实例配置文件凭据

时间:2015-03-10 17:00:39

标签: amazon-web-services amazon-ec2 aws-cli

如何在EC2实例中使用AWS CLI时指定我要使用实例配置文件凭据?文档说:

Instance profile credentials – these credentials can be used on EC2
instances with an assigned instance role, and are delivered through
the Amazon EC2 metadata service.

这是自动还是我需要调用元数据服务并将返回的凭据保存到~/.aws/credentials文件中...然后拨打电话?

1 个答案:

答案 0 :(得分:14)

您在谈论IAM Roles。它们连接到EC2实例,键每四个小时滚动/旋转一次。

需要从实例元数据中提取这些内容并将其提供给aws-cli或SDK,他们会自动将其拉出来。

如果您使用--debug标记运行aws-cli,您应该会看到正在拾取的凭据:

$ aws --debug s3 ls
...
2015-03-10 18:15:04,459 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: iam-role
2015-03-10 18:15:04,465 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2015-03-10 18:15:04,466 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 37
2015-03-10 18:15:04,468 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2015-03-10 18:15:04,469 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/myrole-snipped HTTP/1.1" 200 898
2015-03-10 18:15:04,469 - MainThread - botocore.credentials - INFO - Found credentials from IAM Role: myrole-snipped