是否可以为 ECS 任务配置 IAM 角色?
Is it possible to configure an IAM role for an ECS task ?
我需要进行一些初始化,需要在我的 docker 入口点期间访问某些 AWS 资源。
我的应用程序还可以对 AWS 进行基于角色的隐式访问,而不是在应用程序配置中配置密钥对。
IAM 角色如何在任务中发挥作用?我只能在 ECS 容器实例上找到 IAM 角色文档。
ECS 任务将采用给定容器的 IAM Role/Instance 配置文件。没有分配不同 IAM 角色的任务级别方法。
Amazon ECS Container Instance IAM Role
The Amazon ECS container agent makes calls to the Amazon ECS API
actions on your behalf, so container instances that run the agent
require an IAM policy and role for the service to know that the agent
belongs to you. Before you can launch container instances and register
them into a cluster, you must create an IAM role for those container
instances to use when they are launched. This requirement applies to
container instances launched with the Amazon ECS-optimized AMI
provided by Amazon, or with any other instances that you intend to run
the agent on.
自从版本 1.11.0 ECS 容器代理支持任务 IAM 角色,因此接受的答案不再正确。不过,我怀疑它首先是什么,因为 ECS container instance 是一个托管 Docker 容器实例并由 ECS 容器代理管理的 EC2 实例。
With IAM roles for Amazon ECS tasks, you can specify an IAM role that can be used by the containers in a task. Applications must sign their AWS API requests with AWS credentials, and this feature provides a strategy for managing credentials for your applications to use, similar to the way that Amazon EC2 instance profiles provide credentials to EC2 instances.
我需要进行一些初始化,需要在我的 docker 入口点期间访问某些 AWS 资源。
我的应用程序还可以对 AWS 进行基于角色的隐式访问,而不是在应用程序配置中配置密钥对。
IAM 角色如何在任务中发挥作用?我只能在 ECS 容器实例上找到 IAM 角色文档。
ECS 任务将采用给定容器的 IAM Role/Instance 配置文件。没有分配不同 IAM 角色的任务级别方法。
Amazon ECS Container Instance IAM Role
The Amazon ECS container agent makes calls to the Amazon ECS API actions on your behalf, so container instances that run the agent require an IAM policy and role for the service to know that the agent belongs to you. Before you can launch container instances and register them into a cluster, you must create an IAM role for those container instances to use when they are launched. This requirement applies to container instances launched with the Amazon ECS-optimized AMI provided by Amazon, or with any other instances that you intend to run the agent on.
自从版本 1.11.0 ECS 容器代理支持任务 IAM 角色,因此接受的答案不再正确。不过,我怀疑它首先是什么,因为 ECS container instance 是一个托管 Docker 容器实例并由 ECS 容器代理管理的 EC2 实例。
With IAM roles for Amazon ECS tasks, you can specify an IAM role that can be used by the containers in a task. Applications must sign their AWS API requests with AWS credentials, and this feature provides a strategy for managing credentials for your applications to use, similar to the way that Amazon EC2 instance profiles provide credentials to EC2 instances.