[英]What is the correct way to expose an AWS in an API without giving out your keys?
Sorry about the awkward title. 不好意思的标题。
I am building a Python API. 我正在构建一个Python API。 Part of it involves sending and receiving data to an Amazon SQS to communicate with some stuff on an EC2 instance.
其中一部分涉及发送和接收数据到Amazon SQS,以与EC2实例上的某些内容进行通信。 I don't want to distribute the API with my amazon keys in it though.
我不想随同我的Amazon Key一起分发API。
What is the correct way around an issue like this? 解决此类问题的正确方法是什么? Do I have to write a separate layer that sits in front of SQS with my own authentication or is there a way to add permissions to amazon keys such that uses could just send and receive messages to SQS but couldn't create additional queues or access any other web services?
我是否必须使用我自己的身份验证在SQS前面编写一个单独的层,还是有办法添加对Amazon Key的权限,以便使用者只能向SQS发送和接收消息,但不能创建其他队列或访问任何队列其他网络服务?
It depends on your identity requirements. 这取决于您的身份要求。 If it's ok for your clients to have AWS accounts, you can give their accounts permission to send messages to your queue.
如果您的客户可以使用AWS账户,则可以授予其账户将消息发送到队列的权限。 If you want your own identity, then yes, you would need to build a service layer infront of AWS to broker API requests
如果您想要自己的身份,那么是的,您需要在AWS前端构建一个服务层以代理API请求
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.