授予S3对Elastic Beanstalk实例的访问权限 [英] Grant S3 access to Elastic Beanstalk instances
问题描述
我正在尝试使用来自私有S3存储桶的一些ssh密钥在Elastic Beanstalk中配置EC2实例.这是我的.ebextensions/.config的片段:
I'm trying to provision my EC2 instances in Elastic Beanstalk with some ssh keys from a private S3 bucket. Here's a snippet of my .ebextensions/.config:
files:
"/root/.ssh/id_rsa" :
mode: "000400"
ownder: root
group: root
source: https://s3-us-west-2.amazonaws.com/<bucket>/<app>_id_rsa
不幸的是,我收到S3的403响应.有没有一种使用安全组来授予对EC2实例的访问权限的方法?我无法单独授予每个实例访问权限,因为在扩展它们之前我不知道它们的IP.还有其他方法可以仅授予此Elastic Beanstalk应用访问权限吗?我在制定好的S3存储桶策略方面遇到困难...
Unfortunately, I'm getting a 403 response from S3. Is there a way to grant access to the EC2 instances using a Security Group? I can't grant each instance access individually as I won't know their IPs before they are scaled. Is there some other way to grant just this Elastic Beanstalk app access? I'm having trouble coming up with a good S3 Bucket Policy...
推荐答案
您可以设置用于S3访问的IAM角色,并将IAM角色分配给EC2.
You can setup a IAM Role for S3 access and assign the IAM Role to EC2.