I. Install the AWS CLI
1. Install the AWS CLI on Linux
Official documentation: https://docs.amazonaws.cn/cli/latest/userguide/install-cliv2-linux.html
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
2. Configure the AWS CLI
First obtain the account's access key pair from the AWS console, then run aws configure to set up authentication:
# aws configure
AWS Access Key ID [None]: AKIAQGMfdfsefd7Odf
AWS Secret Access Key [None]: JCKbGTfkkdjfdgrrZdpo8weSenCxooY
Default region name [None]: cn-northwest-1
Default output format [None]: json
II. Create a role with import/export permissions
1. Create a file named trust-policy.json with the following content:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": { "Service": "vmie.amazonaws.com" },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:Externalid": "vmimport"
                }
            }
        }
    ]
}
2. Create the service role
# aws iam create-role --role-name vmimport --assume-role-policy-document file:///home/centos/trust-policy.json
{
    "Role": {
        "Path": "/",
        "RoleName": "vmimport",
        "RoleId": "AROAQGM5NM2MH4OH5OAVP",
        "Arn": "arn:aws-cn:iam::013751903896:role/vmimport",
        "CreateDate": "2020-05-14T08:34:46+00:00",
        "AssumeRolePolicyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": {
                        "Service": "vmie.amazonaws.com"
                    },
                    "Action": "sts:AssumeRole",
                    "Condition": {
                        "StringEquals": {
                            "sts:Externalid": "vmimport"
                        }
                    }
                }
            ]
        }
    }
}
3. Write the role policy
Create a file named role-policy.json containing the policy below, where migrate-cloud-image is the bucket that stores the disk images:
# cat role-policy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws-cn:s3:::migrate-cloud-image",
                "arn:aws-cn:s3:::migrate-cloud-image/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutObject",
                "s3:GetBucketAcl"
            ],
            "Resource": [
                "arn:aws-cn:s3:::export-image",
                "arn:aws-cn:s3:::export-image/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:ModifySnapshotAttribute",
                "ec2:CopySnapshot",
                "ec2:RegisterImage",
                "ec2:Describe*"
            ],
            "Resource": "*"
        }
    ]
}
4. Associate the policy with the role
Use the put-role-policy command to attach the policy to the role created earlier. Specify the full path to the role-policy.json file.
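An offline check of the two policy files before they are attached, added here as an example (it is not from the original page or from AWS tooling): it confirms that the trust policy admits only vmie.amazonaws.com with the ExternalId condition, and that S3 actions stay on the two named buckets. The function names and the script name check_vmimport.py are hypothetical, and the embedded sample policies are constructed from the page's documents.

```python
import json
import sys

VMIE = "vmie.amazonaws.com"  # service principal used in the page's trust policy

def as_list(v):
    return v if isinstance(v, list) else [v]

def check_trust(doc, external_id="vmimport"):
    """Findings for a trust policy that should admit only VM Import/Export."""
    findings = []
    for st in as_list(doc["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        p = st.get("Principal")
        if not (isinstance(p, dict) and set(p) == {"Service"} and as_list(p["Service"]) == [VMIE]):
            findings.append(f"principal is not limited to {VMIE}")
        # IAM condition key names are case-insensitive, so "sts:Externalid" matches.
        eq = {k.lower(): v for k, v in st.get("Condition", {}).get("StringEquals", {}).items()}
        if eq.get("sts:externalid") != external_id:
            findings.append("sts:ExternalId condition missing or wrong")
    return findings

def check_s3_scope(doc, buckets, partition="aws-cn"):
    """Findings for Allow statements whose S3 actions reach beyond `buckets`."""
    allowed = {f"arn:{partition}:s3:::{b}" for b in buckets}
    allowed |= {arn + "/*" for arn in allowed}
    findings = []
    for st in as_list(doc["Statement"]):
        actions = [a.lower() for a in as_list(st.get("Action", []))]
        if st.get("Effect") != "Allow" or not any(a == "*" or a.startswith("s3:") for a in actions):
            continue
        extra = sorted(set(as_list(st.get("Resource", []))) - allowed)
        if extra:
            findings.append(f"S3 actions allowed outside the named buckets: {extra}")
    return findings

# Constructed sample input: the page's trust policy and a trimmed copy of its role policy.
TRUST = {"Statement": [{"Effect": "Allow", "Principal": {"Service": VMIE},
                        "Action": "sts:AssumeRole",
                        "Condition": {"StringEquals": {"sts:Externalid": "vmimport"}}}]}
ROLE = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws-cn:s3:::migrate-cloud-image", "arn:aws-cn:s3:::migrate-cloud-image/*"]},
    {"Effect": "Allow", "Action": ["ec2:RegisterImage", "ec2:Describe*"], "Resource": "*"}]}

if __name__ == "__main__":
    # Usage: python check_vmimport.py trust-policy.json role-policy.json
    trust, role = (json.load(open(p)) for p in sys.argv[1:3]) if len(sys.argv) > 2 else (TRUST, ROLE)
    for f in check_trust(trust) + check_s3_scope(role, ["migrate-cloud-image", "export-image"]):
        print("FINDING:", f)
```

Run without arguments it checks the embedded samples and prints nothing; a trust policy that has lost its Condition block is reported.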