如何从另一个实例创建ec2实例? Boto Awscli
[英]How to create ec2 instances from another instance? boto awscli
问题描述
I'm looking to create an AWS system with one master EC2 instance which can create other instances. 
我希望使用一个可以创建其他实例的主EC2实例创建一个AWS系统。
For now, I managed to create python files with boto able to create ec2 instances. 目前,我设法通过boto创建了能够创建ec2实例的python文件。 The script works fine in my computer environment but when I try to deploy it using Amazon BeanStalk with Django (Python 3.4 included) the script doesn't work. 该脚本在我的计算机环境中可以正常工作,但是当我尝试使用带Django的Amazon BeanStalk部署它(包括Python 3.4)时,该脚本不起作用。 I can't configure aws cli (and so Boto) through SSL because the only user I can access is ec2-user and the web server uses another user. 我无法通过SSL配置aws cli(以及Boto),因为我可以访问的唯一用户是ec2-user,并且Web服务器使用另一个用户。
I could simply handwrite my access ID key and password on the python file but that would not be secure. 我可以简单地在python文件上手写我的访问ID密钥和密码,但这并不安全。 What can I do to solve this problem? 我该怎么做才能解决这个问题?
I also discovered AWS cloudformation today, is it a better idea to create new instances with that rather than with the boto function run? 我今天还发现了AWS cloudformation,用它而不是运行boto函数创建新实例是一个更好的主意吗?
1 个解决方案
解决方案1
1 2017-09-29 17:33:10
This sounds like an AWS credentials question, not specifically a "create ec2 instances" question. 这听起来像是AWS凭证问题,而不是“创建ec2实例”问题。 The answer is to assign the appropriate AWS permissions to the EC2 instance via an IAM role. 答案是通过IAM角色将适当的AWS权限分配给EC2实例。 Then your boto/boto3 code and/or the AWS CLI running on that instance will have permissions to make the necessary AWS API calls without having an access key and secret key stored in your code. 然后,您的boto / boto3代码和/或在该实例上运行的AWS CLI将具有进行必要的AWS API调用的权限,而无需在代码中存储访问密钥和秘密密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.