How to use IAM role to rotate the AWS secret keys in Spring boot Application for a task
I want to use an IAM role for using AWS services like S3, SNS etc in my task rather than specifying the secret keys of the user.
I have seen this article https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-iam-roles.html but I am not sure about how to implement this in the Spring Boot environment.
Currently, I have the keys in a properties file which are used for bean creation at startup, and the same bean is used for all the AWS service interaction (which I believe is not a good practice).
Can someone suggest a way to achieve this?
Firstly, you will need to create an IAM role that is usable by ECS. Grant it the permissions you previously used with the IAM key.
Then in your ECS task definition set the task execution role to the role ARN.
Finally, make sure your code removes references to the IAM key and IAM secret. If these are not specified (and assuming you're using the SDK) then the SDK will check the IAM role credentials automatically.
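The last step, shown as an added example that is not part of the original answer: Spring beans that carry no keys, plus a startup check that the resolved identity really is a role. It assumes the AWS SDK for Java v2 (`auth`, `s3`, `sns` and `sts` modules) and that the role is attached to the ECS task; the class and bean names are hypothetical.

```java
import org.springframework.boot.ApplicationRunner;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.sns.SnsClient;
import software.amazon.awssdk.services.sts.StsClient;

// Hypothetical configuration class: replaces beans built from keys in a properties file.
@Configuration
public class AwsClientConfig {

    // No access key or secret is configured. The default chain tries system
    // properties, environment variables and profile files first, then the
    // container credentials endpoint that ECS exposes to the task. The SDK
    // refreshes those temporary credentials itself before they expire.
    @Bean
    public AwsCredentialsProvider awsCredentialsProvider() {
        return DefaultCredentialsProvider.builder().build();
    }

    // Region is left to the SDK's default region provider chain.
    @Bean
    public S3Client s3Client(AwsCredentialsProvider credentials) {
        return S3Client.builder().credentialsProvider(credentials).build();
    }

    @Bean
    public SnsClient snsClient(AwsCredentialsProvider credentials) {
        return SnsClient.builder().credentialsProvider(credentials).build();
    }

    // Fail fast if leftover static user keys (for example in environment
    // variables) shadow the role: role sessions have an ARN of the form
    // arn:aws:sts::<account>:assumed-role/<role>/<session>.
    @Bean
    public ApplicationRunner verifyRoleCredentials(AwsCredentialsProvider credentials) {
        return args -> {
            try (StsClient sts = StsClient.builder().credentialsProvider(credentials).build()) {
                String arn = sts.getCallerIdentity().arn();
                if (!arn.contains(":assumed-role/")) {
                    throw new IllegalStateException("Expected role credentials, got: " + arn);
                }
            }
        };
    }
}
```

`GetCallerIdentity` needs no IAM permissions, so the check works with any role policy.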