当我创建一个我的EC2/Beanstalk实例应该可以访问S3的新角色时,应该使用EC2还是Elastic Beanstalk? [英] Should I use EC2 or Elastic Beanstalk when I am creating a new role where my EC2 / Beanstalk instances should have access to S3?
问题描述
此链接说
创建IAM角色
打开IAM控制台.
在导航窗格中,选择角色",然后选择创建新角色".
输入角色名称,然后选择下一步".请记住该名称,因为在启动Amazon EC2实例时将需要它.
在选择角色类型"页面上的"AWS服务角色"下,选择"Amazon EC2".
在设置权限"页面上的选择策略模板"下,选择"Amazon S3只读访问",然后选择下一步".
在审阅"页面上,选择创建角色".
但是,当您单击创建新角色"时,系统将询问您以下内容
他们说选择将使用此角色的服务"
a)在ElasticBeanStalk中启动一个应用程序后,该应用程序又创建一个Ec2实例,我应该选择 Ec2服务还是 Elastic beanstalk服务?
您正在创建EC2实例角色,因此要选择的服务是EC2,而不管实例是否由Elastic Beanstalk产生和管理./p>
使用实例角色,您的实例可以连续访问一组自动旋转的临时凭据,该凭据可用于访问角色策略授予访问权限的任何服务.
在这里,您正在授予EC2服务权限,以代表您的实例实际获取这些临时凭证.
This link says
To create the IAM role
Open the IAM console.
In the navigation pane, select Roles, then Create New Role.
Enter a name for the role, then select Next Step. Remember this name, since you'll need it when you launch your Amazon EC2 instance.
On the Select Role Type page, under AWS Service Roles, select Amazon EC2.
On the Set Permissions page, under Select Policy Template, select Amazon S3 Read Only Access, then Next Step.
On the Review page, select Create Role.
But when you click "Create New Role", you will be asked as follows
They say "choose a service that will use this role"
a) As you launch an app in ElasticBeanStalk which in turn creates an Ec2 instance , should I select Ec2 service or Elastic beanstalk service?
You are creating an EC2 instance role, so the service to select is EC2, regardless of whether or not the instances are being spawned and managed by Elastic Beanstalk.
With an instance role, your instance has continuous access to a set of automatically-rotated temporary credentials that it can use to access whatever services the role policies grant access to.
Here, you are granting the EC2 service permission to actually obtain those temporary credentials on behalf of your instance.
这篇关于当我创建一个我的EC2/Beanstalk实例应该可以访问S3的新角色时,应该使用EC2还是Elastic Beanstalk?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
