AWS EC2实例-拒绝写入〜/ .aws / credentials的权限
[英]aws ec2 instance - permission denied to write to ~/.aws/credentials
问题描述
When ssh into a aws ec2 linux instance, the user is ec2-user by default. 
当ssh进入aws ec2 linux实例时,默认情况下该用户为ec2-user 。 Then I need to set aws credentials by writing to ~/.aws/credentials , but got permission denied. 然后,我需要通过写入~/.aws/credentials来设置aws ~/.aws/credentials ,但是权限被拒绝。 I feel that if I use sudo then the credentials file would be owned by root user, as a result my api server can't read from it. 我觉得如果我使用sudo那么credentials文件将归root用户所有,因此我的api服务器无法读取它。
What's the correct approach to set up aws credentials there? 在那建立AWS凭证的正确方法是什么?
2 个解决方案
解决方案1
2 已采纳 2019-03-25 08:39:59
The 'correct' way to setup the credentials, is to assign a role to the ec2 instance when you create it (or assign them after you create it). 设置凭据的“正确”方法是,在创建ec2实例时将其分配给角色(或在创建后将其分配)。 That role can be created and assigned to the EC2 instance via the AWS console - there is no need to ssh in and create the credentials there. 可以通过AWS控制台创建该角色并将其分配给EC2实例-无需在其中ssh并创建凭证。
See: Easily Replace or Attach an IAM Role to an Existing EC2 Instance by Using the EC2 Console | 请参阅: 使用EC2控制台轻松将IAM角色替换或附加到现有EC2实例 AWS Security Blog AWS安全博客
解决方案2
0 2019-03-25 07:36:09
You can create the credentials file locally, then upload to your ec2 instance. 您可以在本地创建credentials文件,然后上传到ec2实例。
- create the
credentialsfile locally在本地创建credentials文件
$ vim credentials
- upload to your ec2 instance 上传到您的ec2实例
$ scp /path/credentials username@servername:/path
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.