Associate a Role to a running AWS instance
In order to run AWS monitoring scripts (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts-perl.html) on one of my ec2 existing instance, I need a IAM
-
Earlier there was no solution. You had to create and AMI and launch the server again with the appropriate role.
On Feb 9, AWS launched these new CLI options which can help you solve your problem. See this link: https://aws.amazon.com/blogs/security/new-attach-an-aws-iam-role-to-an-existing-amazon-ec2-instance-by-using-the-aws-cli/
讨论(0) -
AWS doesn't allow you to modify the instance role after launching the instance.
You can either:
1) Launch a new instance with the role needed by taking the AMI of the already running instance and reassigning the EIP.
or
2) Create a headless user, generate access key and secret key for the user with specific permssion, and use those keys.
讨论(0) -
If not, what can I do? Launch a new instance with a role and transfert the volumes to it?
This is one option but it might take you a long time if you have a lot instances.
The other option is to simply use IAM by creating a new user then add the
Amazon CloudWatch PutMetricData operationpermission to that user. Then, create AWS credentials for that user and finally use them as per the docs that you specified:Optional: If you aren't using an IAM role, update the awscreds.template file that you downloaded earlier. The content of this file should use the following format:
AWSAccessKeyId=YourAccessKeyID
AWSSecretKey=YourSecretAccessKey
Also set the environment variable
AWS_CREDENTIAL_FILEto point that awscreds.template in the environment of the user that is running themon-scripts-perl讨论(0) -
There is a new method available
associate-iam-instance-profileto Associates an IAM instance profile with a running or stopped instance.Example:
aws ec2 associate-iam-instance-profile --instance-id YourInstanceId --iam-instance-profile Name=YourNewRole-Instance-ProfileDoco
讨论(0)
加载中...
- 热议问题