如何通过不带.pem文件或替代.pem文件的AWS Lambda使用pysftp连接EC2 [英] How to connect EC2 using pysftp via AWS Lambda without .pem file or alternate to .pem file

问题描述

我想通过AWS Lambda使用pysftp库连接EC2.我使用下面的代码进行连接.

I want to connect EC2 using pysftp library via AWS Lambda. I use below code to connect.

mysftp = pysftp.Connection(
    host=Constants.MY_HOST_NAME,
    username=Constants.MY_EC2_INSTANCE_USERNAME,
    private_key="./clientiot.pem",
    cnopts=cnopts,
)

我已将.pem文件和部署包放在AWS Lambda中.看到这张图片:

I have put .pem file along with deployment package in AWS Lambda. See this image:

有时它有时无法工作，就像有时它说未找到.pem文件.

Sometimes it works sometime not, like sometimes it says .pem file not found.

"[Errno 2] No such file or directory: './clientiot.pem'"

如何处理?有什么方法可以安全地访问.pem文件或.pem文件的数据.

How to deal with it? Is there any way to access .pem file or data of .pem file securely.

我不希望在AWS Lambda中使用.pem.

I don't want .pem in AWS lambda.

推荐答案

如果直接使用Paramiko(pysftp只是Paramiko的薄包装)，则可以将密钥硬编码到代码中，而不会遇到麻烦外部资源:
通过Paramiko通过SSH/SCP(带有字符串键)

If you use Paramiko directly (pysftp is just a thin wrapper around Paramiko), you can hard-code the key into your code and you won't have troubles with external resources:
SSH/SCP through Paramiko with key in string

有关在Lambda任务中引用文件的信息，请参见:
AWS Lambda读取作为源代码上传的zip格式的文件内容

For referring to files in your Lambda task, see:
AWS Lambda read contents of file in zip uploaded as source code

所以这应该起作用:

private_key = os.environ['LAMBDA_TASK_ROOT'] + "/clientiot.pem"

这篇关于如何通过不带.pem文件或替代.pem文件的AWS Lambda使用pysftp连接EC2的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！