堆栈内存溢出
  简体   繁体   English

我可以使用现有的AWS IAM角色通过Cloudformation模板创建S3存储桶吗?

[英]Can I use existing AWS IAM role to create S3 bucket via Cloudformation template?

 原文  2019-02-05 08:39:58       amazon-web-services/ amazon-s3/ amazon-cloudformation/ amazon-iam

问题描述

I want to create a S3 Bucket via CloudFormation template. 我想通过CloudFormation模板创建一个S3存储桶。 I found there is a way to do it for EC2 instance on this link . 我发现在此链接上有一种针对EC2实例的方法。

Do we have a way to create S3 bucket using existing IAM role via cloudformation? 我们是否有办法通过cloudformation使用现有的IAM角色创建S3存储桶?

2 个解决方案

解决方案1
 0  2019-02-05 10:45:14

It looks like what you're looking for is a service role . 看起来您正在寻找的是服务角色 From AWS: 从AWS:

A service role is an AWS Identity and Access Management (IAM) role that allows AWS CloudFormation to make calls to resources in a stack on your behalf. 服务角色是一个AWS Identity and Access Management(IAM)角色,它允许AWS CloudFormation代表您对堆栈中的资源进行调用。 You can specify an IAM role that allows AWS CloudFormation to create, update, or delete your stack resources. 您可以指定一个IAM角色,该角色允许AWS CloudFormation创建,更新或删除您的堆栈资源。 By default, AWS CloudFormation uses a temporary session that it generates from your user credentials for stack operations. 默认情况下,AWS CloudFormation使用从您的用户凭证生成的临时会话进行堆栈操作。 If you specify a service role, AWS CloudFormation uses the role's credentials. 如果您指定服务角色,则AWS CloudFormation使用角色的凭证。

For more information, you might want to take a look at this , specifically the permission part to find out how to use an existing IAM role for creating a Cloudformation stack. 欲了解更多信息,你可能想看看这个 ,特别是允许部分以了解如何使用现有IAM角色创建Cloudformation堆栈。

By the way: Unfortunately the link that you've provided doesn't seem to be accessible anymore. 顺便说一句:不幸的是,您提供的链接似乎不再可用。

解决方案2
 0  2019-02-05 12:10:31

When deploying infrastructure using creating Cloudformation template, you can have 2 ways to do it: 使用创建Cloudformation模板部署基础结构时,您可以通过以下两种方法进行:

  1. Cloudformation can deploy resources using the permissions of the current user who deploys the CF template. Cloudformation可以使用部署CF模板的当前用户权限来部署资源。 This is the default way 这是默认方式
  2. Secondly (Optional), you can choose an existing role that can be attached to the CF template. 其次(可选),您可以选择可以附加到CF模板的现有角色 Cloudformation service will use the permissions of that attached role to deploy all the required services. Cloudformation服务将使用该附加角色的权限来部署所有必需的服务。 Given that the attached role has permissions to S3, you can create an S3 bucket as can be seen in the attached screenshot 鉴于附加的角色具有对S3的权限,您可以创建一个S3存储桶,如所附的屏幕截图所示 通过CF模板使用现有角色

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用 CloudFormation 在现有 AWS S3 存储桶中创建文本文件 - Create a text file in an existing AWS S3 bucket using CloudFormation 如何在Cloudformation模板参数中创建IAM角色下拉列表 - How can I create IAM Role Dropdown in Cloudformation Template Parameters CloudFormation、S3 存储桶访问跨账户 IAM 角色 - CloudFormation, S3 bucket access to cross-acccount IAM role 仅可访问特定S3存储桶的IAM组的AWS CloudFormation模板 - AWS CloudFormation Template for an IAM Group That May Only Access a Specific S3 Bucket AWS:通过 s3fs(iam 角色)将 S3 存储桶安装到 EC2 执行但不起作用 - AWS: Mounting S3 bucket to EC2 via s3fs (iam role) executes but does not work 如何使用 IAM 角色通过 aws sdk (java) 从 ECS 容器调用 s3 存储桶 - How to call s3 bucket from ECS container via aws sdk (java) by using IAM role AWS:如何通过 CloudFormation 更新现有的 S3 存储桶策略? - AWS: How to update an existing S3 bucket-policy via CloudFormation? AWS S3 - 为存储桶分配有限权限并创建只能访问该存储桶的IAM - AWS S3 - Assign limited permission to bucket & create IAM who can access that bucket only AWS CloudFormation:为现有 S3 存储桶配置复制 - AWS CloudFormation: Configuring replication for an existing S3 bucket AWS Cloudformation模板 - 在S3存储桶中设置区域 - AWS Cloudformation Template - Set Region in S3 Bucket
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM