加壳安全组查询
[英]Packer security group query
问题描述
I want to restrict all the team members to use a specific group (SG_TS) while creating an AWS Ec2 instance from AMI build using Packer.
我想限制所有团队成员在使用 Packer 从 AMI 构建创建 AWS Ec2 实例时使用特定组 (SG_TS)。 Is there any way to do so using Packer?有什么办法可以使用 Packer 吗?
While creating an AMI from Packerin Packers Builders section, I am giving security group as mentioned below:在从 Packerin Packers Builders 部分创建 AMI 时,我提供了如下所述的安全组:
"security_group_id":"xxxxxxxx" “security_group_id”:“xxxxxxxx”
But I think above security group ID will be used for SSH by the packer.但我认为上面的安全组 ID 将被加壳程序用于 SSH。 When I create an EC2 instance from the BUILD AMI, it's asking again for the Security group while configuring Ec2 instance.当我从 BUILD AMI 创建 EC2 实例时,它在配置 Ec2 实例时再次询问安全组。 It's not picking the security group defined in AMI.它没有选择 AMI 中定义的安全组。
Please let me know how this can be implemented?请让我知道如何实施?
1 个解决方案
解决方案1
0 2020-12-31 01:12:30
When users launch an instance from AMI, they control security groups and other related parameters.当用户从 AMI 启动实例时,他们控制安全组和其他相关参数。
If you want to restrict their control, wrap instance creation process in Cloudformation template (hardcode SG ID there), or create service catalog product (which is one step more involved than CF template, but allows for more granular access control).如果您想限制他们的控制,请将实例创建过程包装在 Cloudformation 模板中(在那里硬编码 SG ID),或者创建服务目录产品(这比 CF 模板涉及更多步骤,但允许更细粒度的访问控制)。
Also, you might want to remove SG ID from your question, since this is not something any third party should know.另外,您可能想从问题中删除 SG ID,因为这不是任何第三方都应该知道的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.