[英]How to use boto3 without AWS Vault?
I have the following method that is working in Python: 我有以下在Python中工作的方法:
def connect_s3_boto3():
try:
os.environ['AWS_PROFILE'] = "a9e"
s3 = boto3.resource('s3')
return s3
except:
raise
The issue is that works using ~/.aws/config
: 问题是使用
~/.aws/config
可以正常工作:
[profile home]
aws_access_key_id=ID
aws_secret_access_key=SECRET
[profile a9e]
region=eu-west-1
role_arn=DAROLE
source_profile=home
So, I've a set of doubts. 因此,我有一系列疑问。 In a production environment where I want to use that method, I need to set AWS Vault?
在要使用该方法的生产环境中,需要设置AWS Vault? There is no other alternative?
有没有其他选择? For example using
IAM_ROLE
as in boto2
. 例如使用
IAM_ROLE
如boto2
。
For code running on an Amazon EC2 instance: 对于在Amazon EC2实例上运行的代码:
See: IAM Roles for Amazon EC2 - Amazon Elastic Compute Cloud 请参阅: Amazon EC2的IAM角色-Amazon Elastic Compute Cloud
If you are running code on a non-EC2 computer, then you will need entries in the config/credentials files. 如果在非EC2计算机上运行代码,则需要在config / credentials文件中输入条目。 This will involve at minimum an Access Key and Secret Key associated with an IAM User.
这将至少涉及与IAM用户关联的访问密钥和秘密密钥。 If you then wish to use an IAM Role, the code would need to
AssumeRole()
using those credentials. 如果您随后希望使用IAM角色,则代码将需要使用这些凭据进行
AssumeRole()
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.