带有AWS EC2实例并使用实例配置文件的s3fs [英] s3fs with aws ec2 instance and using instance profiles

问题描述

据我所知，用s3fs挂载s3存储桶的唯一方法是使用在支持各种文件位置的文件中指定的 accesskey:secretkey .

As far as I can tell the only way to mount an s3 bucket with s3fs is to use an accesskey:secretkey specified in a file with various file locations supported.

但是，如果我是ec2实例，则在具有实例配置文件的本地s3帐户中，我只想使用可用的实例配置文件凭据.有谁知道使用实例配置文件的方式，而不必在本地文件系统中设置凭据?如果没有，那么正在努力支持该功能的人还会继续吗?

However, if I'm an ec2 instance, in the local s3 account, with an instance profile, I just want to use the instance profile credentials that are available. Does anyone know of a way to use an instance profile, and not have to set credentials in the local file system? If not, is anyone working on supporting this feature going forward?

谢谢

推荐答案

一旦/如果您具有附加到EC2实例的角色，则可以在/etc/fstab 在启动时自动安装S3存储桶:

Once/if you have a role that is attached to the EC2 instance, you can then add the following entry in /etc/fstab to automatically mount the S3 bucket on boot:

s3fs#bucketname /PATHtoLocalMount fuse _netdev,iam_role=nameofiamrolenoquotes

自然地，您必须安装 s3fs (就像从问题中判断的那样)，并且角色策略必须授予对S3存储桶的适当(可能是完全)访问.从某种意义上说，这是很好的，不需要在实例上存储IAM凭据(=更安全，因为无法在附加到角色的实例外部使用角色访问，而IAM凭据可以使用).

Naturally, you have to have s3fs installed (as you do judging from the question), and the role policy must grant the appropriate (probably full) access to the S3 bucket. This is great in the sense that no IAM credentials need to be stored on the instance (=safer, because the role access cannot be used outside the instance attached to the role, while the IAM credentials can).

这篇关于带有AWS EC2实例并使用实例配置文件的s3fs的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！