If I already assigned an IAM role to my ec2 instance, and I want to use AWS CLI from that instance, why does it require me to put in the access/secret key, isn't that kind of redundant?
如果我已经为我的ec2实例分配了一个IAM角色,并且我想从该实例使用AWS CLI,为什么它要求我输入访问/密钥,这不是那种多余的?
2 个解决方案
#1
You don't need it. As the readme says:
你不需要它。正如自述文件所说:
The quickest way to get started is to run the aws configure command:
最快的入门方法是运行aws configure命令:
That doesn't mean it's the only way.
这并不意味着它是唯一的方式。
For IAM roles, you don't need to do anything, it'll work correctly out of the box:
对于IAM角色,您不需要做任何事情,它可以正常使用:
The final option for credentials is highly recommended if you are using aws-cli on an EC2 instance. IAM Roles are a great way to have credentials installed automatically on your instance. If you are using IAM Roles, aws-cli will find them and use them automatically.
如果您在EC2实例上使用aws-cli,强烈建议使用凭据的最终选项。 IAM角色是在您的实例上自动安装凭据的好方法。如果您正在使用IAM角色,aws-cli将找到它们并自动使用它们。
(also from the readme).
(也来自自述)。
#2
You are not required to enter an access key/secret key.
您无需输入访问密钥/密钥。
The AWS documentation for Configuring the AWS CLI tells us the following about the credentials provider chain:
配置AWS CLI的AWS文档告诉我们以下有关凭证提供程序链的信息:
The AWS CLI looks for credentials and configuration settings in the following order:
AWS CLI按以下顺序查找凭据和配置设置:
- Command Line Options –
region
,output
format andprofile
can be specified as command options to override default settings.命令行选项 - 可以将区域,输出格式和配置文件指定为命令选项以覆盖默认设置。
- Environment Variables –
AWS_ACCESS_KEY_ID
,AWS_SECRET_ACCESS_KEY
, etc.环境变量 - AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY等
- The AWS credentials file – located at
~/.aws/credentials
on Linux, OS X, or Unix, or atC:\Users\USERNAME\.aws\credentials
on Windows. This file can contain multiple named profiles in addition to a default profile.AWS凭证文件 - 位于Linux,OS X或Unix上的〜/ .aws /凭证,或Windows上的C:\ Users \ USERNAME \ .aws \凭证。除默认配置文件外,此文件还可以包含多个命名配置文件。
- The CLI configuration file – typically located at
~/.aws/config
on Linux, OS X, or Unix, or atC:\Users\USERNAME\.aws\config
on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.CLI配置文件 - 通常位于Linux,OS X或Unix上的〜/ .aws / config,或Windows上的C:\ Users \ USERNAME \ .aws \ config。此文件可以包含默认配置文件,命名配置文件以及每个配置文件的CLI特定配置参数。
- Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.
实例配置文件凭据 - 这些凭据可用于具有指定实例角色的EC2实例,并通过Amazon EC2元数据服务提供。
If you configure credentials then these will be used, however configure nothing and you should be good to go with your existing Instance Profile and IAM Role.
如果您配置凭据,那么将使用这些凭据,但是不进行任何配置,您最好使用现有的实例配置文件和IAM角色。