Attach multiple Roles or Profiles to an instance


Question

What's the limit for roles to a single instance? I see there's a limit of 20 policies per role and my policies are very granular.

Can I have multiple roles or multiple profiles attached to my one instance?

I believe the answer is no and that my present design is blocked by AWS for a very good reason which means I need to rethink the policies. I'm using terraform modules and a policy per module seemed like a good separation of concerns but AWS seems to disagree.

Recommended answer

According to Terraform Docs an instance can have 1 profile linking 1 role to the instance (up to 20 policies -> 1 profile -> 1 role -> many instances). So, if there are too many policies you can follow one of these paths:

  • split the responsibilities across different groups of instances with a different role assigned to each group. This will allow 20 policies attached to group A's instance role and 20 other policies attached to group B's instance role.

  • consolidate the many smaller policies into fewer larger policies which are then attached to a role which becomes the instance role via a profile.

roles - (Deprecated) A list of role names to include in the profile. The current default is 1. If you see an error message similar to Cannot exceed quota for InstanceSessionsPerInstanceProfile: 1, then you must contact AWS support and ask for a limit increase. WARNING: This is deprecated since version 0.9.3 (April 12, 2017), as >= 2 roles are not possible. See issue #11575.
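The consolidation path described in the answer above, as an added Terraform example that is not part of the original question or answer. All resource names, ARNs and the bucket name are hypothetical, and the two inline policy documents stand in for JSON that each module would export as an output; it assumes an AWS provider version that supports `source_policy_documents`.

```hcl
# Added example: the two granular documents stand in for per-module outputs
# (for instance a hypothetical module.logging.policy_json).
data "aws_iam_policy_document" "logging" {
  statement {
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:*:*:log-group:/app/*"]
  }
}

data "aws_iam_policy_document" "backup" {
  statement {
    actions   = ["s3:PutObject"]
    resources = ["arn:aws:s3:::example-backup-bucket/*"]
  }
}

# Merge into one document. Each statement keeps its own actions and resources,
# so least privilege is preserved; non-empty sids must be unique across sources.
data "aws_iam_policy_document" "combined" {
  source_policy_documents = [
    data.aws_iam_policy_document.logging.json,
    data.aws_iam_policy_document.backup.json,
  ]
}

resource "aws_iam_role" "instance" {
  name = "example-instance"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}

resource "aws_iam_policy" "combined" {
  name   = "example-instance-combined"
  policy = data.aws_iam_policy_document.combined.json
}

resource "aws_iam_role_policy_attachment" "combined" {
  role       = aws_iam_role.instance.name
  policy_arn = aws_iam_policy.combined.arn
}

# One profile, one role: the singular `role` argument replaces deprecated `roles`.
resource "aws_iam_instance_profile" "instance" {
  name = "example-instance"
  role = aws_iam_role.instance.name
}
```

With this layout the modules still own their permissions, but only one managed policy counts against the per-role limit.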
