{ "Type" : "AWS::IAM::InstanceProfile", "Properties" : { "InstanceProfileName" : String, "Path" : String, "Roles" : [ String, ... ] } } YAML Type: AWS::IAM::InstanceProfile Properties: InstanceProfileName: String Path: String Roles: - String Properties InstanceProfileName The...
在创建EC2实例时,我们在“IAM instance profile”中选择上述创建的角色。
IamInstanceProfileSpecification clone() boolean equals(Object obj) String getArn() The Amazon Resource Name (ARN) of the instance profile. String getName() The name of the instance profile. int hashCode() void setArn(String arn) The Amazon Resource Name (ARN) of th...
],"CreateDate":"2021-12-03T06:53:01Z","InstanceProfileName":"DEV_PROFILE","Path":"/","Arn":"arn:aws:iam::xxxxxxxxxxx:instance-profile/DEV_PROFILE"} } Associate the IAM Instance profile with EC2 instance ID: aws ec2 associate-iam-instance-profile --instance-id<LAB_WEB_SERVER_INSTANCE...
+ iam_instance_profile = (known after apply) + id = (known after apply) + instance_initiated_shutdown_behavior = (known after apply) + instance_lifecycle = (known after apply) + instance_state = (known after apply) + instance_type = "t3.micro" ...
应用程序通过指定 profile 名称使用角色,无需任何密钥,SDK 会自动代入角色并获取临时证书。 详细步骤说明 创建EC2 Instance 的 role,例如 DefaultInstanceRole,绑定到 EC2 实例。 aws ec2 associate-iam-instance-profile --instance-id YourInstanceId --iam-instance-profile Name=YourNewRole-Instance...
您现在可以将IAM角色{YourNewRole}附加到EC2实例{YourInstanceId}: 1. 获取现有EC2实例详细信息(记录InstanceId)。在命令行中执行以下命令: $aws ec2 describe-instances 2. 将新创建的IAM角色{YourNewRole}的实例配置文件{YourNewRole-Instance-Profile} 附加到您的EC2实例{YourInstanceId}。在命令行中执行以下命令:...
DeleteInstanceProfile","iam:DeleteRole","iam:DeleteRolePolicy","iam:GetInstanceProfile","iam:GetRole","iam:GetRolePolicy","iam:ListInstanceProfilesForRole","iam:ListRolePolicies","iam:ListRoles","iam:PassRole","iam:PutRolePolicy","iam:RemoveRoleFromInstanceProfile","s3:*"],"Resource":"*"}...
AWS发布了一些最佳实践,这些最佳实践不鼓励配置长期有效的"AWS API凭据"(AWS API credentials),并鼓励通过"实例配置文件"(Instance Profile)将"身份和访问管理(Identity and Access Management,IAM)角色"应用于EC2实例。 当"策略"(Policies)被附加到一个IAM角色(链接到一个"实例配置文件"的IAM角色)的时候 "策略"(...
Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: - ec2.amazonaws.com Action: - 'sts:AssumeRole' Path: / BastionSsmPolicy: Type: AWS::IAM::Policy Properties: PolicyName: ApplianceInstanceAccess ...