Cloudwatch API:如何使用多个 AWS 账户
Cloudwatch API: How to use multiple AWS accounts
我正在尝试获取帐户的 ec2 实例的 cpu 利用率。我的代码如下。
def GetRegions():
return array of regions
def getEC2InstanceID(RegionName):
cloudwatch = boto3.client('cloudwatch', region_name=RegionName)
response = cloudwatch.get_metric_statistics(
.
.
.)
returns array of ec2instanceID
def EC2_Average_Utilization(InstanceID, RegionName):
returns avg cpuusage
def main():
regions= GetRegions()
for i in range(len(regions)):
print(regions[i])
instance_id = getEC2InstanceID(regions[i])
print(instance_id) # prints all the instances if there is any
if (type(instance_id)==list):
for j in range(len(instance_id)):
print(instance_id[j])
print ("For InstanceID "+ instance_id[j] + ":")
EC2_Average_Utilization(instance_id[j], regions[i])
此代码在一个帐户下的所有区域都可以完美执行。如果我想为多个 AWS 账户做同样的事情,程序是什么?
n.b 我已经看到通过在 .aws/credentials 中的每个帐户下创建多个配置文件来配置 .aws/config,但是当我在代码中生成区域时,我不想指定它们。
您将需要使用一个 boto3 Session 对象、'Security Token Service (STS)',并为每个 account/region 组合调用 assume_role。效果与命名配置文件相同 - 您需要在每个帐户中拥有一个角色,该角色具有足够的权限来调用 API 方法(EC2、CloudWatch 等)。此外,目标角色需要与原始帐户凭据建立信任关系。
sts = boto3.client('sts')
#this is called with your default credentials. Target roles need to trust this identity
creds = sts.assume_role(RoleArn='...', RoleSessionName='...')
# set up a session w/ the temporary credentials
session = boto3.Session(
aws_access_key_id=creds['Credentials']['AccessKeyId'],
aws_secret_access_key=creds['Credentials']['SecretAccessKey'],
aws_session_token=creds['Credentials']['SessionToken']
region_name='...')
# all subsequent clients/resources should be instantiated from the session object
cloudwatch = session.client('cloudwatch')
希望对您有所帮助。
我正在尝试获取帐户的 ec2 实例的 cpu 利用率。我的代码如下。
def GetRegions():
return array of regions
def getEC2InstanceID(RegionName):
cloudwatch = boto3.client('cloudwatch', region_name=RegionName)
response = cloudwatch.get_metric_statistics(
.
.
.)
returns array of ec2instanceID
def EC2_Average_Utilization(InstanceID, RegionName):
returns avg cpuusage
def main():
regions= GetRegions()
for i in range(len(regions)):
print(regions[i])
instance_id = getEC2InstanceID(regions[i])
print(instance_id) # prints all the instances if there is any
if (type(instance_id)==list):
for j in range(len(instance_id)):
print(instance_id[j])
print ("For InstanceID "+ instance_id[j] + ":")
EC2_Average_Utilization(instance_id[j], regions[i])
此代码在一个帐户下的所有区域都可以完美执行。如果我想为多个 AWS 账户做同样的事情,程序是什么?
n.b 我已经看到通过在 .aws/credentials 中的每个帐户下创建多个配置文件来配置 .aws/config,但是当我在代码中生成区域时,我不想指定它们。
您将需要使用一个 boto3 Session 对象、'Security Token Service (STS)',并为每个 account/region 组合调用 assume_role。效果与命名配置文件相同 - 您需要在每个帐户中拥有一个角色,该角色具有足够的权限来调用 API 方法(EC2、CloudWatch 等)。此外,目标角色需要与原始帐户凭据建立信任关系。
sts = boto3.client('sts')
#this is called with your default credentials. Target roles need to trust this identity
creds = sts.assume_role(RoleArn='...', RoleSessionName='...')
# set up a session w/ the temporary credentials
session = boto3.Session(
aws_access_key_id=creds['Credentials']['AccessKeyId'],
aws_secret_access_key=creds['Credentials']['SecretAccessKey'],
aws_session_token=creds['Credentials']['SessionToken']
region_name='...')
# all subsequent clients/resources should be instantiated from the session object
cloudwatch = session.client('cloudwatch')
希望对您有所帮助。