
Running a boto3 script on multiple accounts all in different regions

I am using an IAM user account to run a boto3 script against multiple AWS accounts; they are all in different regions. The default region for my IAM user in ~/.aws/config is us-east-1. My script only works for the accounts in the us-east-1 region but does not return anything for other regions. How do I get it to run across regions?

IAM credentials are associated with a single AWS Account. If you wish to make API calls to another account, the program will either need credentials from that account, or it will need the ability to assume a role in the other account. That role would need to trust the IAM User/Role that is being used to call AssumeRole().

(Some services, such as Amazon S3 and Amazon SQS, have additional access policies that can allow cross-account access without assuming a role.)

To connect to a specific region, specify the region when creating the client:

  import boto3

  ec2_client_sydney = boto3.client('ec2', region_name='ap-southeast-2')
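The two points of the answer combined into one loop, as an added example that is not part of the original answer: for each target, assume a role in that account with short-lived credentials, then build the client with that account's region instead of the ~/.aws/config default. The account IDs, the role name InventoryReadOnly and the session name are constructed placeholders, and the role is assumed to trust the calling IAM user.

```python
# Added example. Account IDs and ROLE_NAME are constructed placeholders.
TARGETS = [
    {"account": "111111111111", "region": "us-east-1"},
    {"account": "222222222222", "region": "ap-southeast-2"},
]
ROLE_NAME = "InventoryReadOnly"  # hypothetical role that trusts the calling IAM user


def default_client_factory(*args, **kwargs):
    import boto3  # imported lazily so the helpers can be exercised without AWS
    return boto3.client(*args, **kwargs)


def regional_client(target, service, sts=None, client_factory=default_client_factory):
    """Assume ROLE_NAME in the target account; return a client bound to its region."""
    sts = sts or client_factory("sts")
    resp = sts.assume_role(
        RoleArn=f"arn:aws:iam::{target['account']}:role/{ROLE_NAME}",
        RoleSessionName="cross-account-inventory",
        DurationSeconds=900,  # shortest session lifetime STS accepts
    )
    creds = resp["Credentials"]
    return client_factory(
        service,
        region_name=target["region"],  # explicit, never the profile default
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def instance_ids(ec2):
    """Collect every instance ID the regional EC2 client can see."""
    ids = []
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            ids += [i["InstanceId"] for i in reservation["Instances"]]
    return ids


def run(targets=TARGETS, **kwargs):
    """Return {(account, region): ids or 'error: ...'} so no target fails silently."""
    results = {}
    for t in targets:
        key = (t["account"], t["region"])
        try:
            results[key] = instance_ids(regional_client(t, "ec2", **kwargs))
        except Exception as exc:  # e.g. AccessDenied when the trust policy is missing
            results[key] = f"error: {exc}"
    return results
```

Calling run() with no arguments uses boto3 and the caller's own credentials; an account whose role cannot be assumed shows up as an error entry rather than as an empty result.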

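Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.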

 