问题描述

如何在EC2实例中使用现有的IAM角色，而不是在CloudFormation模板中创建一个新角色？

How can I use an existing IAM role for an EC2 instance, as opposed to creating a new one in my CloudFormation template?

例如，我创建了一个角色，而只想使用它。

For example, I have created a role in AWS Console and just want to use that.

推荐答案

您需要实例配置文件，角色和实例信息（

You need an instance profile, a role, and the instance info (or launch configuration) itself.

您的实例配置文件如下所示：

Your instance profile would look like this:

"Resources" : {
  "InstanceProfile" : {
    "Type" : "AWS::IAM::InstanceProfile",
    "Properties" : {
      "Path" : "/",
      "Roles" : ["MyExistingRole"]
    }
  },

  "Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "IamInstanceProfile" : {"Ref" : "InstanceProfile"}
      ...
    }
  }

尤其要注意-实例配置文件中的引用到现有的RoleName

In particular - note that the reference in the Instance profile is to an existing RoleName

也-我写过有关引导实例的文章它将使用实例配置文件和角色来确保我们不保持安全性。

Also - I've written about bootstrapping instances which uses instance profiles and roles to ensure we're not persisting security.

关键是要使用{而不是使用{ Ref：RoleName}等角色的实际名称。

The key thing is rather than using the {"Ref" : RoleName} etc, to use the actual name of the role.

这篇关于将现有IAM角色与CloudFormation中的EC2实例相关联的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！