阅读背景:

为什么AWS CLI需要访问/密钥?

来源:互联网 

If I already assigned an IAM role to my ec2 instance, and I want to use AWS CLI from that instance, why does it require me to put in the access/secret key, isn't that kind of redundant?

如果我已经为我的ec2实例分配了一个IAM角色,并且我想从该实例使用AWS CLI,为什么它要求我输入访问/密钥,这不是那种多余的?

2 个解决方案

#1


You don't need it. As the readme says:

你不需要它。正如自述文件所说:

The quickest way to get started is to run the aws configure command:

最快的入门方法是运行aws configure命令:

That doesn't mean it's the only way.

这并不意味着它是唯一的方式。

For IAM roles, you don't need to do anything, it'll work correctly out of the box:

对于IAM角色,您不需要做任何事情,它可以正常使用:

The final option for credentials is highly recommended if you are using aws-cli on an EC2 instance. IAM Roles are a great way to have credentials installed automatically on your instance. If you are using IAM Roles, aws-cli will find them and use them automatically.

如果您在EC2实例上使用aws-cli,强烈建议使用凭据的最终选项。 IAM角色是在您的实例上自动安装凭据的好方法。如果您正在使用IAM角色,aws-cli将找到它们并自动使用它们。

(also from the readme).

(也来自自述)。

#2


You are not required to enter an access key/secret key.

您无需输入访问密钥/密钥。

The AWS documentation for Configuring the AWS CLI tells us the following about the credentials provider chain:

配置AWS CLI的AWS文档告诉我们以下有关凭证提供程序链的信息:

The AWS CLI looks for credentials and configuration settings in the following order:

AWS CLI按以下顺序查找凭据和配置设置:

  • Command Line Optionsregion, output format and profile can be specified as command options to override default settings.
  • 命令行选项 - 可以将区域,输出格式和配置文件指定为命令选项以覆盖默认设置。

  • Environment VariablesAWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc.
  • 环境变量 - AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY等

  • The AWS credentials file – located at ~/.aws/credentials on Linux, OS X, or Unix, or at C:\Users\USERNAME\.aws\credentials on Windows. This file can contain multiple named profiles in addition to a default profile.
  • AWS凭证文件 - 位于Linux,OS X或Unix上的〜/ .aws /凭证,或Windows上的C:\ Users \ USERNAME \ .aws \凭证。除默认配置文件外,此文件还可以包含多个命名配置文件。

  • The CLI configuration file – typically located at ~/.aws/config on Linux, OS X, or Unix, or at C:\Users\USERNAME\.aws\config on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.
  • CLI配置文件 - 通常位于Linux,OS X或Unix上的〜/ .aws / config,或Windows上的C:\ Users \ USERNAME \ .aws \ config。此文件可以包含默认配置文件,命名配置文件以及每个配置文件的CLI特定配置参数。

  • Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.
  • 实例配置文件凭据 - 这些凭据可用于具有指定实例角色的EC2实例,并通过Amazon EC2元数据服务提供。

If you configure credentials then these will be used, however configure nothing and you should be good to go with your existing Instance Profile and IAM Role.

如果您配置凭据,那么将使用这些凭据,但是不进行任何配置,您最好使用现有的实例配置文件和IAM角色。


分享到: