dongwenyou4298
2019-01-29 23:15

Does my application need to ask the EC2 instance for a role to configure the session, or should it leave that empty?


I'm trying to use the aws-sdk-go in my application. It's running on an EC2 instance. Now in the Configuring Credentials section of the doc, https://docs.aws.amazon.com/sdk-for-go/api/, it says it will look in

* Environment Credentials - Set of environment variables that are useful when sub processes are created for specific roles.

* Shared Credentials file (~/.aws/credentials) - This file stores your credentials based on a profile name and is useful for local development.

* EC2 Instance Role Credentials - Use EC2 Instance Role to assign credentials to application running on an EC2 instance. This removes the need to manage credential files in production.

Wouldn't the best order be the reverse order? But my main question is do I need to ask the instance if it has a role and then use that to set up the credentials if it has a role? This is where I'm not sure of what I need to do and how.

I did try a simple test of creating an empty config, essentially only setting the region, and running it on the instance with the role, and it seems to have "worked", but in this case I am not sure if I need to explicitly set the role or not.

awsSDK.Config{
    Region:      awsSDK.String(a.region),
    MaxRetries:  awsSDK.Int(maxRetries),
    HTTPClient:  http.DefaultClient,
}

I just want to confirm whether this is the proper way of doing it or not. My thinking is I need to do something like the following

   role = use sdk call to get role on machine
   set awsSDK.Config { Credentials: credentials form of role,
            ...
       }

   issue service command with returned client.

Any more docs/pointers would be great!
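
The lookup order quoted in the question, modelled as an added stand-alone Go example (not code from the post or from aws-sdk-go). `Static`, `Resolve`, the `role` closure and the key IDs are constructed for illustration; the example shows that a config with no credentials set falls through to the instance role, and that static keys left in the environment take precedence over the role.

```go
package main

import (
	"errors"
	"fmt"
)

// Creds is what a provider yields; Source names the provider that supplied it.
type Creds struct{ KeyID, Source string }

// Provider returns credentials, or an error meaning "none here, try the next".
type Provider func() (Creds, error)

var errNone = errors.New("no credentials in any provider")

// Static models a long-lived key pair from the environment or ~/.aws/credentials.
func Static(source, keyID, secret string) Provider {
	return func() (Creds, error) {
		if keyID == "" || secret == "" {
			return Creds{}, errNone
		}
		return Creds{keyID, source}, nil
	}
}

// Resolve returns the first provider that succeeds, plus later sources it shadows.
func Resolve(chain ...Provider) (winner Creds, shadowed []string, err error) {
	err = errNone
	for _, p := range chain {
		if c, perr := p(); perr != nil {
			continue
		} else if err != nil {
			winner, err = c, nil
		} else {
			shadowed = append(shadowed, c.Source)
		}
	}
	return winner, shadowed, err
}

func main() {
	// Constructed values: the role closure stands in for the instance metadata lookup.
	role := Provider(func() (Creds, error) { return Creds{"ASIAEXAMPLEROLE", "ec2-role"}, nil })
	w, _, _ := Resolve(Static("environment", "", ""), Static("shared-file", "", ""), role)
	fmt.Println("clean instance:", w.Source)
	w, s, _ := Resolve(Static("environment", "AKIAEXAMPLEOLD", "constructed"), role)
	fmt.Println("stale env keys:", w.Source, "shadows", s)
}
```

A non-empty shadowed list on an instance that is meant to run under its role indicates leftover static keys that should be removed.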


2 answers
