问题描述
我正在尝试使用私有 S3 存储桶中的一些 ssh 密钥在 Elastic Beanstalk 中配置我的 EC2 实例.这是我的 .ebextensions/.config 的片段:
I'm trying to provision my EC2 instances in Elastic Beanstalk with some ssh keys from a private S3 bucket. Here's a snippet of my .ebextensions/.config:
files:
"/root/.ssh/id_rsa" :
mode: "000400"
ownder: root
group: root
source: https://s3-us-west-2.amazonaws.com/<bucket>/<app>_id_rsa
不幸的是,我收到了来自 S3 的 403 响应.有没有办法使用安全组授予对 EC2 实例的访问权限?我无法单独授予每个实例访问权限,因为在扩展之前我不知道它们的 IP.是否有其他方法可以仅授予此 Elastic Beanstalk 应用程序访问权限?我在想出一个好的 S3 存储桶策略时遇到了麻烦...
Unfortunately, I'm getting a 403 response from S3. Is there a way to grant access to the EC2 instances using a Security Group? I can't grant each instance access individually as I won't know their IPs before they are scaled. Is there some other way to grant just this Elastic Beanstalk app access? I'm having trouble coming up with a good S3 Bucket Policy...
推荐答案
您可以为 S3 访问设置 IAM 角色并将 IAM 角色分配给 EC2.
You can setup a IAM Role for S3 access and assign the IAM Role to EC2.
这篇关于授予 S3 访问 Elastic Beanstalk 实例的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!