我们能否将 Amazon S3 IAM 策略传播到 FSx 以获得光泽文件系统?
[英]Can we propagate Amazon S3 IAM policies to FSx for lustre file system?
问题描述
I want to create a FSx for lustre file system backed by an Amazon S3 bucket and want to mount that on EC2.
我想为由 Amazon S3 存储桶支持的光泽文件系统创建 FSx,并希望将其安装在 EC2 上。
Now if I have created some IAM policies on Amazon S3 that who can do what with Amazon S3 buckets content.现在,如果我在 Amazon S3 上创建了一些 IAM 策略,谁可以对 Amazon S3 存储桶内容执行什么操作。 For example, not allowing write access to Amazon S3 bucket, will that be applicable in FSx for lustre file system also?例如,不允许对 Amazon S3 存储桶的写访问,这是否也适用于 FSx 的光泽文件系统?
If not how can I manage access rights on an EC2 machine created by some user to FSx file system,what user can list,read or write contents of that Amazon S3 bucket.如果不是,我如何管理某个用户创建的 EC2 机器对 FSx 文件系统的访问权限,哪些用户可以列出、读取或写入该 Amazon S3 存储桶的内容。
And how to manage access about who can propagate changes back to Amazon S3 and who can not?以及如何管理有关谁可以将更改传播回 Amazon S3 而谁不能的访问权限?
1 个解决方案
解决方案1
0 2021-06-10 20:54:38
will that be applicable in FSx for lustre file system also?
FSx IAM policies are independent of S3 IAM policies FSx IAM 策略独立于 S3 IAM 策略
how can I manage access rights on ec2 machines... to FSx?
Using FSx IAM policy.使用 FSx IAM 策略。 You either attach FSX IAM policy to IAM role attached to EC2 instance or to the IAM user configured on EC2 instance您可以将 FSX IAM 策略附加到附加到 EC2 实例的 IAM 角色或在 EC2 实例上配置的 IAM 用户
how to manage access about who can propagate changes back to S3 and who can not?
That should be handled by your FSx IAM role I guess?我猜这应该由您的 FSx IAM 角色处理?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.