IAM 角色未能授予 EC2 实例权限
[英]IAM role fails to give permission to an EC2 instance
问题描述
I want to run aws ec2 describe-instances in an AWS EC2.
我想在 AWS EC2 中运行aws ec2 describe-instances 。
So I attach an IAM role to the EC2.因此,我将 IAM 角色附加到 EC2。 This IAM role contains AmazonEC2FullAccess , and AmazonS3FullAccess permissions.此 IAM 角色包含AmazonEC2FullAccess和AmazonS3FullAccess权限。
I then execute aws ec2 describe-instances command in the EC2.然后我在 EC2 中执行aws ec2 describe-instances命令。
But I get You must specify a region. You can also configure your region by running "aws configure".但我知道You must specify a region. You can also configure your region by running "aws configure". You must specify a region. You can also configure your region by running "aws configure". as the return message.作为返回消息。
Why doesn't AmazonEC2FullAccess give the permissions required to run aws ec2... to the EC2?为什么AmazonEC2FullAccess不将运行aws ec2...所需的权限授予 EC2?
I can successfully run aws s3 ls command in the EC2.我可以在 EC2 中成功运行aws s3 ls命令。
This seems to imply that AmazonS3FullAccess successfully grants permission to the EC2, but AmazonEC2FullAccess fails to grant the permission.这似乎意味着AmazonS3FullAccess成功授予 EC2 权限,但AmazonEC2FullAccess未能授予权限。
1 个解决方案
解决方案1
1 已采纳 2020-08-11 07:51:43
The region is required for the AWS CLI: AWS CLI 需要该区域:
For example:例如:
aws ec2 describe-instances --region us-east-1
It worked for S3, because (I think) S3 bucket names have global scope.它适用于 S3,因为(我认为)S3 存储桶名称具有全局 scope。 Instances are regional only.实例仅是区域性的。
Similarly, you can run iam , route53 or cloudfront commands without region as they have global scope, eg同样,您可以在没有区域的情况下运行iam 、 route53或cloudfront命令,因为它们具有全局 scope,例如
aws iam list-users
aws route53 list-hosted-zones
aws cloudfront list-distributions
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.