为什么 AWS CLI 需要 access/secret 键?
Why does AWS CLI need access/secret key?
如果我已经为我的 ec2 实例分配了一个 IAM 角色,并且我想从该实例使用 AWS CLI,为什么它要求我输入 access/secret 键,不是那种吗多余?
你不需要它。 As the readme says:
The quickest way to get started is to run the aws configure command:
这并不意味着这是唯一的方法。
对于 IAM 角色,您无需执行任何操作,开箱即用:
The final option for credentials is highly recommended if you are using aws-cli on an EC2 instance. IAM Roles are a great way to have credentials installed automatically on your instance. If you are using IAM Roles, aws-cli will find them and use them automatically.
(也来自自述文件)。
您不需要输入访问key/secret密钥。
Configuring the AWS CLI 的 AWS 文档告诉我们以下有关凭据的信息 提供商链:
The AWS CLI looks for credentials and configuration settings in the
following order:
- Command Line Options –
region, output format and profile can be specified as command options to override default settings.
- Environment Variables –
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc.
- The AWS credentials file – located at
~/.aws/credentials on Linux, OS X, or Unix, or at C:\Users\USERNAME\.aws\credentials on
Windows. This file can contain multiple named profiles in addition to
a default profile.
- The CLI configuration file – typically located at
~/.aws/config on Linux, OS X, or Unix, or at C:\Users\USERNAME\.aws\config on
Windows. This file can contain a default profile, named profiles, and
CLI specific configuration parameters for each.
- Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered
through the Amazon EC2 metadata service.
如果您配置凭据,那么这些 将被使用 ,但是什么都不配置,您应该可以使用现有的实例配置文件和 IAM 角色。
如果我已经为我的 ec2 实例分配了一个 IAM 角色,并且我想从该实例使用 AWS CLI,为什么它要求我输入 access/secret 键,不是那种吗多余?
你不需要它。 As the readme says:
The quickest way to get started is to run the aws configure command:
这并不意味着这是唯一的方法。
对于 IAM 角色,您无需执行任何操作,开箱即用:
The final option for credentials is highly recommended if you are using aws-cli on an EC2 instance. IAM Roles are a great way to have credentials installed automatically on your instance. If you are using IAM Roles, aws-cli will find them and use them automatically.
(也来自自述文件)。
您不需要输入访问key/secret密钥。
Configuring the AWS CLI 的 AWS 文档告诉我们以下有关凭据的信息 提供商链:
The AWS CLI looks for credentials and configuration settings in the following order:
- Command Line Options –
region,outputformat andprofilecan be specified as command options to override default settings.- Environment Variables –
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY, etc.- The AWS credentials file – located at
~/.aws/credentialson Linux, OS X, or Unix, or atC:\Users\USERNAME\.aws\credentialson Windows. This file can contain multiple named profiles in addition to a default profile.- The CLI configuration file – typically located at
~/.aws/configon Linux, OS X, or Unix, or atC:\Users\USERNAME\.aws\configon Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.- Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.
如果您配置凭据,那么这些 将被使用 ,但是什么都不配置,您应该可以使用现有的实例配置文件和 IAM 角色。