[英]aws ec2 instance - permission denied to write to ~/.aws/credentials
When ssh
into a aws ec2 linux instance, the user is ec2-user
by default. 当
ssh
进入aws ec2 linux实例时,默认情况下该用户为ec2-user
。 Then I need to set aws credentials by writing to ~/.aws/credentials
, but got permission denied. 然后,我需要通过写入
~/.aws/credentials
来设置aws ~/.aws/credentials
,但是权限被拒绝。 I feel that if I use sudo
then the credentials
file would be owned by root
user, as a result my api server can't read from it. 我觉得如果我使用
sudo
那么credentials
文件将归root
用户所有,因此我的api服务器无法读取它。
What's the correct approach to set up aws credentials there? 在那建立AWS凭证的正确方法是什么?
The 'correct' way to setup the credentials, is to assign a role to the ec2 instance when you create it (or assign them after you create it). 设置凭据的“正确”方法是,在创建ec2实例时将其分配给角色(或在创建后将其分配)。 That role can be created and assigned to the EC2 instance via the AWS console - there is no need to ssh in and create the credentials there.
可以通过AWS控制台创建该角色并将其分配给EC2实例-无需在其中ssh并创建凭证。
See: Easily Replace or Attach an IAM Role to an Existing EC2 Instance by Using the EC2 Console | 请参阅: 使用EC2控制台轻松将IAM角色替换或附加到现有EC2实例 AWS Security Blog
AWS安全博客
You can create the credentials
file locally, then upload to your ec2 instance. 您可以在本地创建
credentials
文件,然后上传到ec2实例。
credentials
file locally credentials
文件 $ vim credentials
$ scp /path/credentials username@servername:/path
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.