堆栈内存溢出
  简体   繁体   English

如何在 AWS CloudShell 中创建配置文件以访问不同的角色?

[英]How can I create profiles in the AWS CloudShell to access different roles?

 原文  2021-04-28 15:38:12       amazon-web-services/ aws-cli/ aws-cloudshell

问题描述

The new CloudShell service from AWS allows me to get a CLI session directly within the browser. AWS 的新CloudShell服务允许我直接在浏览器中获取 CLI session。 In this session, I am acting under my currently active role:在这个 session 中,我正在扮演我目前活跃的角色:

$ aws sts get-caller-identity
{
    "UserId": "AROA2MDGRZUIRD434HHAF:johndoe",
    "Account": "123456789012",
    "Arn": "arn:aws:sts::123456789012:assumed-role/myrole/johndoe"
}

I can assume another role from myrole as expected:我可以按预期从myrole担任另一个角色:

$ aws sts assume-role --role-arn arn:aws:iam::123456789012:role/otherRole --role-session-name mySession123
{
    "Credentials": {
        "AccessKeyId": "ASIA...",
        "SecretAccessKey": "...",
        "SessionToken": "...",
        "Expiration": "2021-04-28T16:29:55+00:00"
    },
    "AssumedRoleUser": {
        "AssumedRoleId": "AROA...:mySession123",
        "Arn": "arn:aws:sts::123456789012:assumed-role/otherRole/mySession123"
    }
}

Now I want to configure a CLI profile to use otherRole .现在我想配置一个 CLI 配置文件以使用otherRole I tried an entry like this:我尝试了这样的条目:

[profile otherRole]
role_arn = arn:aws:iam::123456789012:role/otherRole

but this causes an error, because I have to specify either a credential_source or a source_profile .但这会导致错误,因为我必须指定credential_sourcesource_profile

From an EC2 instance with a service role I would set credential_source=Ec2InstanceMetadata but this doesn't work here.从具有服务角色的 EC2 实例中,我将设置credential_source=Ec2InstanceMetadata但这在这里不起作用。 Setting source_profile to default also causes an error:source_profile设置为default也会导致错误:

The source profile "default" must have credentials.

How can I create a CLI-profile within the AWS CloudShell to persistentely assume another role?如何在 AWS CloudShell 中创建 CLI 配置文件以持久承担另一个角色?

1 个解决方案

解决方案1
 0 已采纳  2021-04-29 12:47:51

I found the answer to be documented here .我发现答案记录在这里 CloudShell ist not using EC2 instances but is rather running in an ECS based container. CloudShell不使用 EC2 实例,而是在基于 ECS 的容器中运行。 Thus setting the credential_source to EcsContainer does the trick:因此将credential_source设置为EcsContainer就可以了:

[profile otherRole]
credential_source=EcsContainer
role_arn=arn:aws:iam::123456789012:role/otherRole

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 AWS CloudShell 中安装 npm? - How to npm install in AWS CloudShell? 如何将 ssh 与 AWS ssm 会话和多配置文件一起使用? - How can I use ssh with AWS ssm sessions and multi profiles? 获取具有其aws访问密钥的用户角色(或者我可以在我的业务逻辑中使用IAM角色) - Get a users roles having their aws access key (or can I use IAM roles in my business logic) 如何使用 AWS Cognito 创建 2 种不同类型的用户? - How can I create 2 different type of users using AWS Cognito? 我可以使用 aws 角色验证 rabbitmq 连接吗?如何? - Can I authenticate rabbitmq connection using aws roles, and how? 如何为其他AWS帐户上的服务创建IAM策略? - How can i create an iam policy for a service on a different aws account? 如何分配未经身份验证的AWS Cognito用户池角色? - How can I assign AWS Cognito User Pools unauthenticated roles? 如何生成我的所有 IAM 角色以及在 AWS 上使用这些角色的服务的列表 - How can I generate a list of all my IAM roles and the services using those roles on AWS 如何将 AWS 角色与 Packer 一起使用来创建 AMI - How to use AWS roles with Packer to create AMIs 目标:我试图通过使用IAM角色(通过S3存储桶)访问不同的网页,在使用AWS的Web应用程序中实现两个不同的角色 - Goal: I am trying to implement two different roles on my web application using AWS by using IAM roles to access different web pages (via S3 buckets)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM