0
我無法弄清楚如何讓我公司的其他人部署到使用AWS Elastic Beanstalk的(測試)服務器。Elastic Beanstalk:允許用戶部署
本頁面顯示在ELB全球唯一權限控制:http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.managed-policies.html
A
回答
0
題爲Using IAM to secure Elastic Beanstalk Applications on AWS的里斯·戈弗雷博客文章有一些很好的指導。
我們有一個Elastic Beanstalk應用程序和一組用戶。這個 用戶組應該能夠監視和部署到僅彈出豆杆環境的 ,以及重新啓動或終止 應用程序實例。他們不應該能夠更改應用程序或環境配置,或者刪除環境。 用戶不應該能夠影響其他應用程序或AWS 服務,但他們可以看到其他區域的詳細信息。 我們假設用戶將使用AWS控制檯。
我已將此IAM政策轉貼以供參考。
他的方法的好處在於,它通過引用實例EG Environment=testing上的EC2標記來考慮應用程序環境,在您的用例中需要該實例。
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"ElasticBeanstalkEnvironmentPermissions",
"Effect":"Allow",
"Action":[
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticbeanstalk:DescribeEvents",
"elasticbeanstalk:RestartAppServer",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticbeanstalk:SwapEnvironmentCNAMEs",
"elasticbeanstalk:UpdateEnvironment",
"elasticbeanstalk:RequestEnvironmentInfo"
],
"Resource":[
"arn:aws:elasticbeanstalk:eu-west-1:123xxxxxxxxx:environment/ApplicationName/*"
]
},
{
"Sid":"ElasticBeanstalkGlobalPermissions",
"Effect":"Allow",
"Action":[
"elasticbeanstalk:DescribeConfigurationOptions",
"elasticbeanstalk:DescribeConfigurationSettings",
"elasticbeanstalk:ListAvailableSolutionStacks",
"elasticbeanstalk:ValidateConfigurationSettings",
"elasticbeanstalk:CheckDNSAvailability",
"elasticbeanstalk:CreateStorageLocation"
],
"Resource":[
"*"
]
},
{
"Sid":"ElasticBeanstalkApplicationVersionPermissions",
"Effect":"Allow",
"Action":[
"elasticbeanstalk:CreateApplicationVersion",
"elasticbeanstalk:DescribeApplicationVersions",
"elasticbeanstalk:UpdateApplicationVersion"
],
"Resource":[
"arn:aws:elasticbeanstalk:eu-west-1:123xxxxxxxxx:applicationversion/ApplicationName/*"
]
},
{
"Sid":"ElasticBeanstalkApplicationPermissions",
"Effect":"Allow",
"Action":[
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:UpdateApplication"
],
"Resource":[
"arn:aws:elasticbeanstalk:eu-west-1:123xxxxxxxxx:application/ApplicationName"
]
},
{
"Sid":"Autoscaling",
"Effect":"Allow",
"Action":[
"autoscaling:SuspendProcesses",
"autoscaling:Describe*",
"autoscaling:ResumeProcesses"
],
"Resource":"*"
},
{
"Sid":"Cloudwatch",
"Effect":"Allow",
"Action":[
"cloudwatch:Describe*",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Resource":"*"
},
{
"Sid":"Cloudformation",
"Effect":"Allow",
"Action":[
"cloudformation:GetTemplate",
"cloudformation:Describe*"
],
"Resource":"*"
},
{
"Sid":"IAM",
"Effect":"Allow",
"Action":[
"iam:ListServerCertificates",
"iam:ListInstanceProfiles"
],
"Resource":"*"
},
{
"Sid":"S3ElasticBeanstalkBucket",
"Action":[
"s3:AbortMultipartUpload",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetLifecycleConfiguration",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTorrent",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionTorrent",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:ListBucket",
"s3:GetObject",
"s3:DeleteObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::elasticbeanstalk-eu-west-1-123xxxxxxxxx",
"arn:aws:s3:::elasticbeanstalk-eu-west-1-123xxxxxxxxx/*"
]
},
{
"Sid":"S3Global",
"Effect":"Allow",
"Action":"s3:ListAllMyBuckets",
"Resource":"arn:aws:s3:::*"
},
{
"Sid":"S3ElasticBeanstalkShared",
"Effect":"Allow",
"Action":"s3:*",
"Resource":[
"arn:aws:s3:::elasticbeanstalk-env-resources-eu-west-1",
"arn:aws:s3:::elasticbeanstalk-env-resources-eu-west-1/*"
]
},
{
"Sid":"EC2Global",
"Effect":"Allow",
"Action":[
"ec2:Describe*"
],
"Resource":[
"*"
]
}
]
}
第二IAM政策處理EC2實例爲給定的環境:
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"EC2EnvironmentInstances",
"Effect":"Allow",
"Action":[
"ec2:MonitorInstances",
"ec2:UnmonitorInstances",
"ec2:RebootInstances",
"ec2:StopInstances"
],
"Resource":[
"arn:aws:ec2:eu-west-1:123xxxxxxxxx:instance/*"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/elasticbeanstalk:environment-name":"EnvironmentName"
}
}
}
]
}
相關問題
- 1. AWS Elastic Beanstalk部署順序
- 2. AWS Elastic Beanstalk計劃部署
- 3. Rails elastic Beanstalk無法部署 -
- 4. AWS Elastic Beanstalk部署不起作用
- 5. 用托盤部署戰爭到Elastic Beanstalk
- 6. 在Elastic Beanstalk中使用CherryPy部署python
- 7. 無法通過Eclipse部署到Elastic Beanstalk
- 8. Elastic Beanstalk部署 - 從命令行的ASP.NET
- 9. 安裝gems失敗部署 - AWS Elastic Beanstalk
- 10. 手動部署vs. Amazon Elastic Beanstalk
- 11. 將Perl Docker容器部署到Elastic Beanstalk
- 12. 在Amazons Elastic Beanstalk上部署WAR
- 13. Elastic Beanstalk CLI上傳版本未部署
- 14. Jenkins AWS Elastic Beanstalk部署錯誤
- 15. AWS Elastic Beanstalk部署502網關錯誤
- 16. 將戰爭文件部署到Elastic beanstalk
- 17. 將git標籤部署到Amazon Elastic Beanstalk
- 18. AWS Elastic Beanstalk Docker部署失敗
- 19. Elastic Beanstalk運行後部署腳本
- 20. Amazon AWS Elastic Beanstalk Laravel 4部署
- 21. Amazon Elastic Beanstalk上的Node.js部署問題
- 22. 如何將Angular.js部署到Elastic Beanstalk
- 23. AWS僅允許用戶訪問彈性beanstalk實例和存儲
- 24. 使用Elastic Beanstalk部署.NET worker應用程序
- 25. 使用Amazon Elastic Beanstalk部署symfony2.1應用程序
- 26. 使用AWS Elastic Beanstalk部署PHP應用程序
- 27. 使用S3部署WordPress以用於Elastic Beanstalk
- 28. 節點JS - Elastic Beanstalk AWS - 允許寫入訪問
- 29. Jenkins部署到彈性beanstalk
- 30. 在AWS Elastic Beanstalk上部署Dockerized Symfony2應用程序
你想將其限制於特定應用的豆莖? – Shibashis
是的,適用於特定的應用程序和特定的環境。找不到如何。 –
有人似乎已經在github上分享了它。 https://gist.github.com/magnetikonline/5034bdbb049181a96ac9 – Shibashis