我編寫了一個 terraform 代碼來創建 IAM 用戶,我的要求是將訪問密鑰和密鑰存儲在 S3 存儲桶中。我曾嘗試通過 s3 cli 命令實現相同的功能,但沒有太大幫助。任何建議,將不勝感激
我想指出,如果配置不正確,在 s3 中存儲令牌可能很危險。
確保您已經了解 AWS 中的策略和 s3 中的訪問控制是如何工作的!. https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
有了這個,這就是我想出的:
# The user to which we will grant access to s3
resource "aws_iam_user" "user" {
name = "s3-user"
path = "/"
}
# Create the access key
resource "aws_iam_access_key" "key" {
user = aws_iam_user.user.name
}
# Create the bucket for storing tokens
resource "aws_s3_bucket" "token" {
bucket = "my_token_bucket"
acl = "private"
}
# Create the object inside the token bucket
resource "aws_s3_bucket_object" "tokens" {
bucket = aws_s3_bucket.token.id
key = "keys.txt"
server_side_encryption = "AES256"
content_type = "text/plain"
content = <<EOF
access_id: ${aws_iam_access_key.key.id}
access_secret: ${aws_iam_access_key.key.secret}
EOF
}
我沒有測試過這個。
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句