[英]Running a python script on AWS which is executable by a single IAM user only
I have a python script whose boto3 operations/function calls must be restricted to a single IAM user which has extremely limited access.我有一个 python 脚本,其 boto3 操作/函数调用必须仅限于访问权限极其有限的单个 IAM 用户。 My understanding is that the execution of the script depends on the configured profile for AWS CLI.我的理解是脚本的执行取决于为 AWS CLI 配置的配置文件。 Would that sort of restriction have to done inside the script?这种限制是否必须在脚本内完成?
The script could be created as a AWS Lambda function.该脚本可以创建为 AWS Lambda function。 Only the single IAM user should then be given access to execute that function.然后,应仅授予单个 IAM 用户执行该 function 的权限。
Another script can be written to invoke that Lambda ( boto3.client("lambda").invoke()
).可以编写另一个脚本来调用 Lambda ( boto3.client("lambda").invoke()
)。 Anyone can execute that script, but anyone but the right user will get an AccessPermissions error.任何人都可以执行该脚本,但除了正确的用户之外的任何人都会收到 AccessPermissions 错误。
Note:笔记:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.