
AWS instance distcp to s3 - Access keys

If I have an EC2 instance created with a role, what is the best practice way to get access keys to do a distcp from hdfs to s3?

I don't want to be sending access keys to the instance using our automated deployment tools because that would mean storing the keys in plain sight. Is there a way for the instance to request a set of keys using the CLI?

I need to have them for hadoop distcp /data s3n://<access_key>:<secret_key>@mybucket/baackup/data

When an Amazon EC2 instance is launched with a Role, then the instance is given access to temporary security keys via the Instance Metadata Service. It works as follows:

  • A Role is created in Identity and Access Management (IAM)
  • Appropriate permissions are granted to the role
  • An Amazon EC2 instance is launched with that Role selected. If you are using Amazon Elastic MapReduce (EMR) to launch the instances, then they are typically assigned an EMR-specific role (which you can modify)
  • A set of temporary security credentials is made available to the instance via the URL http://169.254.169.254/latest/meta-data/iam/security-credentials/

Software that calls the AWS SDK knows to automatically look at this URL to retrieve security credentials. If the software you are using does not automatically look at this URL, you can extract them and pass them to the software.

See: Retrieving Security Credentials from Instance Metadata
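The "extract them and pass them to the software" step from the answer above, as an added example that is not part of the original answer. The function names and the sample document are constructed for illustration, and the session-token request headers in fetch_creds are an assumption about how the instance's metadata service is configured.

```shell
#!/usr/bin/env bash
# Added example: hand role credentials to a tool through environment variables
# rather than embedding <access_key>:<secret_key> in the s3n:// URL.
IMDS="${IMDS:-http://169.254.169.254/latest}"

# Constructed sample of the JSON document the metadata URL returns (fake values).
SAMPLE_DOC='{
  "Code" : "Success",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "ASIACONSTRUCTEDKEY",
  "SecretAccessKey" : "constructed-secret-value",
  "Token" : "constructed-session-token",
  "Expiration" : "2030-01-01T00:00:00Z"
}'

# Print one string field of the flat credentials document read from stdin.
cred_field() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Export AWS_* variables from the document in $1; fail unless Code is Success
# and all three values are present (temporary keys are useless without Token).
export_creds() {
  [ "$(printf '%s\n' "$1" | cred_field Code)" = "Success" ] || return 1
  AWS_ACCESS_KEY_ID=$(printf '%s\n' "$1" | cred_field AccessKeyId)
  AWS_SECRET_ACCESS_KEY=$(printf '%s\n' "$1" | cred_field SecretAccessKey)
  AWS_SESSION_TOKEN=$(printf '%s\n' "$1" | cred_field Token)
  [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] &&
    [ -n "$AWS_SESSION_TOKEN" ] || return 1
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# Fetch the document for the instance's role. Only works on an EC2 instance;
# uses the session-token (IMDSv2) request style.
fetch_creds() {
  _tok=$(curl -sf -X PUT "$IMDS/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  _role=$(curl -sf -H "X-aws-ec2-metadata-token: $_tok" \
    "$IMDS/meta-data/iam/security-credentials/") || return 1
  curl -sf -H "X-aws-ec2-metadata-token: $_tok" \
    "$IMDS/meta-data/iam/security-credentials/$_role"
}

# On the instance (assumes the tool reads the AWS_* environment variables):
#   export_creds "$(fetch_creds)" && <command that needs the credentials>
# The keys expire at the document's Expiration time, so fetch again per run.
```

Keeping the values in the process environment keeps them out of the job's command line and out of deployment tooling, which is the concern raised in the question.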

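Notice: technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.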

 