在 AWS 上运行 python 脚本,该脚本只能由单个 IAM 用户执行
[英]Running a python script on AWS which is executable by a single IAM user only
问题描述
I have a python script whose boto3 operations/function calls must be restricted to a single IAM user which has extremely limited access.
我有一个 python 脚本,其 boto3 操作/函数调用必须仅限于访问权限极其有限的单个 IAM 用户。 My understanding is that the execution of the script depends on the configured profile for AWS CLI.我的理解是脚本的执行取决于为 AWS CLI 配置的配置文件。 Would that sort of restriction have to done inside the script?这种限制是否必须在脚本内完成?
1 个解决方案
解决方案1
2 2021-11-26 10:02:46
The script could be created as a AWS Lambda function.该脚本可以创建为 AWS Lambda function。 Only the single IAM user should then be given access to execute that function.然后,应仅授予单个 IAM 用户执行该 function 的权限。
Another script can be written to invoke that Lambda ( boto3.client("lambda").invoke() ).可以编写另一个脚本来调用 Lambda ( boto3.client("lambda").invoke() )。 Anyone can execute that script, but anyone but the right user will get an AccessPermissions error.任何人都可以执行该脚本,但除了正确的用户之外的任何人都会收到 AccessPermissions 错误。
Note:笔记:
- There are limitations on the execution time/memory allocation for AWS lambdas, which might make this a bad solution for your current script. AWS lambdas 的执行时间/内存分配存在限制,这可能使其成为您当前脚本的糟糕解决方案。 That really depends on what your script exactly does.这真的取决于你的脚本究竟做了什么。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.