Azure vms的实例角色 [英] Instance roles for Azure vms
问题描述
基本上我正在尝试使用以下AWS模式实现Azure:
-
将一个IAM角色分配给一个Vm(等效的Aws实例) -
允许此角色以只读方式访问某个容器(AWS桶等效)并从那里下载 -
创建一个具有固定密码和用户名的机器用户,该用户具有上传者角色(我在此假设的贡献者)到存储帐户/容器
如何使用Azure?
在存储帐户中/ IAM /添加/尝试添加为vm分配角色会收到以下消息/错误
" 此资源组中的虚拟机都不能被分配访问权限。"(试图上传图像,但是被阻止了。这个
糟糕的经历是多么典型
虽然我当然有vms。
我也找不到用固定密码为上传者创建"机器用户"的方法我需要经历所有关于手动记录创建用户的麻烦,更改密码等等。
使用 基于角色的
访问控制(RBAC) ,您可以在您的团队中分离职责,并仅授予您在VM上执行其工作所需的访问权限。而不是在
VM上授予每个人不受限制的权限,您只能允许某些操作。您可以在 Azure
portal ,使用 Azure CLI 或 Azure
PowerShell 。
共享访问签名(SAS)为您提供了一种方法,可以将存储帐户中对象的有限访问权限授予其他客户,而不会泄露您的帐户
key 。
有关更多信息,请参阅:
使用共享访问签名(SAS)
Basically I'm trying to implement with Azure the following AWS pattern:
- Assign an IAM role to an Vm (Aws instance equivalent)
- Allow this role to access a certain container (AWS bucket equivalent) as read only and download from there
- Create a machine user with a fixed password and username that would have an uploader role (Contributor I suppose here) to the storage account/container
How it this possible with Azure?
In the storage account/IAM/add/ trying to add assign a role to a vm gets the following message/error
"No virtual machines in this resource group can be assigned access." (Tried to upload an image, but was blocked. how typical for this bad experience)
While I do have vms of course.
Also I can't find a way to just create a "machine user" for the uploader with a fixed password. And I need to go through all the hass of manually logging as the created user, changing the password, etc解决方案Using role-based access control (RBAC), you can segregate duties within your team and grant only the amount of access to users on your VM that they need to perform their jobs. Instead of giving everybody unrestricted permissions on the VM, you can allow only certain actions. You can configure access control for the VM in the Azure portal, using the Azure CLI, orAzure PowerShell.
A shared access signature (SAS) provides you with a way to grant limited access to objects in your storage account to other clients, without exposing your account key.
For more information refer: Using shared access signatures (SAS)
这篇关于Azure vms的实例角色的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
