授予 S3 访问 Elastic Beanstalk 实例的权限 [英] Grant S3 access to Elastic Beanstalk instances

问题描述

我正在尝试使用私有 S3 存储桶中的一些 ssh 密钥在 Elastic Beanstalk 中配置我的 EC2 实例.这是我的 .ebextensions/.config 的片段:

I'm trying to provision my EC2 instances in Elastic Beanstalk with some ssh keys from a private S3 bucket. Here's a snippet of my .ebextensions/.config:

files:
  "/root/.ssh/id_rsa" :
    mode: "000400"
    ownder: root
    group: root
    source: https://s3-us-west-2.amazonaws.com/<bucket>/<app>_id_rsa

不幸的是，我收到了来自 S3 的 403 响应.有没有办法使用安全组授予对 EC2 实例的访问权限?我无法单独授予每个实例访问权限，因为在扩展之前我不知道它们的 IP.是否有其他方法可以仅授予此 Elastic Beanstalk 应用程序访问权限?我在想出一个好的 S3 存储桶策略时遇到了麻烦...

Unfortunately, I'm getting a 403 response from S3. Is there a way to grant access to the EC2 instances using a Security Group? I can't grant each instance access individually as I won't know their IPs before they are scaled. Is there some other way to grant just this Elastic Beanstalk app access? I'm having trouble coming up with a good S3 Bucket Policy...

推荐答案

您可以为 S3 访问设置 IAM 角色并将 IAM 角色分配给 EC2.

You can setup a IAM Role for S3 access and assign the IAM Role to EC2.

Amazon EC2 的 IAM 角色

这篇关于授予 S3 访问 Elastic Beanstalk 实例的权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！