There are two approaches you can use here:
- Role Chaining.
Here you allow one role to assume another role.
One role, attached to the EC2 instance, has CloudWatch permissions. Another role has CodeDeploy permissions. Then you allow the CloudWatch role to assume the CodeDeploy role so that you can inherit the credentials within the EC2 instance and achieve your objective.
You can read more about role chaining here [+] Roles terms and concepts - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html
- You can use one role for the EC2 instance and use environment variables within the instance to set the credentials for CodeDeploy. To learn more about setting environment variables, check the article below:
[+] Environment variables to configure the AWS CLI - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
That being said, to look into this issue more closely, if you would like to do resource-based troubleshooting, please raise a support case with AWS for further information. If a support case has already been created, please be assured that we will get back to you and assist you in the best way possible.
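The role-chaining setup described in the answer, as an added example that is not part of the original answer or AWS's own code: it builds the two policy documents the chain needs, checks that each is scoped to exactly the other role, and renders an AWS CLI profile that assumes the second role from the instance role. The role names, account ID and profile name are constructed placeholders.

```python
from fnmatch import fnmatchcase

# Constructed placeholder ARNs; substitute your own account and role names.
INSTANCE_ROLE = "arn:aws:iam::111122223333:role/Ec2CloudWatchRole"
DEPLOY_ROLE = "arn:aws:iam::111122223333:role/CodeDeployRole"

def trust_policy(principal_arn):
    """Trust policy for the second role: names who may assume it."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principal_arn},
        "Action": "sts:AssumeRole"}]}

def assume_permission(target_arn):
    """Identity policy for the instance role: which role it may assume."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Resource": target_arn}]}

def _values(stmt, key, sub=None):
    """Collect a statement field as a list (IAM allows string or list)."""
    v = stmt.get(key, [])
    if sub is not None and isinstance(v, dict):
        v = v.get(sub, [])
    return v if isinstance(v, list) else [v]

def _allows(doc):
    """Allow statements that grant sts:AssumeRole (exact action name only)."""
    return [s for s in doc["Statement"] if s.get("Effect") == "Allow"
            and "sts:AssumeRole" in _values(s, "Action")]

def chain_findings(trust, permission, instance_arn, target_arn):
    """Return problems that break the chain or make it broader than needed."""
    principals = {p for s in _allows(trust) for p in _values(s, "Principal", "AWS")}
    resources = {r for s in _allows(permission) for r in _values(s, "Resource")}
    findings = []
    if instance_arn not in principals:
        findings.append("trust policy does not name the instance role")
    if principals - {instance_arn}:
        findings.append("trust policy allows extra principals")
    if not any(fnmatchcase(target_arn, r) for r in resources):
        findings.append("instance role may not assume the target role")
    if resources - {target_arn}:
        findings.append("instance role may assume other roles")
    return findings

def cli_profile(name, target_arn):
    """AWS CLI profile that assumes target_arn using the instance role."""
    return (f"[profile {name}]\nrole_arn = {target_arn}\n"
            "credential_source = Ec2InstanceMetadata\n")
```

Credentials obtained through role chaining are limited to a one-hour session, so whatever uses the profile must be able to refresh them.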
EC2 instances can only be attached to one role. I have opened the permissions of CodeDeploy and CloudWatch for this role, but I still cannot configure the credentials and modify the "/root/.aws/credentials" file. After modifying the "/root/.aws/credentials" file, the CodeDeploy agent will report an error.