When creating a new role, should I use EC2 or Elastic Beanstalk? My EC2 / Beanstalk instance should be able to access S3?

Time: 2023-01-26 13:05:21

This link says

To create the IAM role

  1. Open the IAM console.

  2. In the navigation pane, select Roles, then Create New Role.

  3. Enter a name for the role, then select Next Step. Remember this name, since you'll need it when you launch your Amazon EC2 instance.

  4. On the Select Role Type page, under AWS Service Roles, select Amazon EC2.

  5. On the Set Permissions page, under Select Policy Template, select Amazon S3 Read Only Access, then Next Step.

  6. On the Review page, select Create Role.

But when you click "Create New Role", you will be asked as follows

They say "choose a service that will use this role"

a) As you launch an app in Elastic Beanstalk, which in turn creates an EC2 instance, should I select the EC2 service or the Elastic Beanstalk service?

3 solutions

#1


1  

You are creating an EC2 instance role, so the service to select is EC2, regardless of whether or not the instances are being spawned and managed by Elastic Beanstalk.

With an instance role, your instance has continuous access to a set of automatically-rotated temporary credentials that it can use to access whatever services the role policies grant access to.

Here, you are granting the EC2 service permission to actually obtain those temporary credentials on behalf of your instance.
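
The "service that will use this role" choice discussed in the answer above ends up as the role's trust policy. The following is an added example, not code from the original post or from AWS: it reviews a trust policy document to confirm that `ec2.amazonaws.com` is the principal allowed to assume an instance role and flags anything else. The sample policies and the function names (`assuming_principals`, `review_instance_role`) are constructed for illustration, and `Condition` blocks are not evaluated.

```python
import json

# Constructed sample trust policies for illustration (not taken from the page).
def _trust(principal):
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}

EC2_TRUST = _trust({"Service": "ec2.amazonaws.com"})
BEANSTALK_TRUST = _trust({"Service": "elasticbeanstalk.amazonaws.com"})
WILDCARD_TRUST = _trust("*")

EC2 = ("Service", "ec2.amazonaws.com")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def assuming_principals(trust_policy):
    """Collect (kind, value) principals that Allow statements let assume the role.
    Simplification: Condition blocks and Deny statements are not evaluated."""
    found = set()
    for stmt in _as_list(trust_policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}  # bare "*" is shorthand for any principal
        for kind, values in principal.items():
            found.update((kind, v) for v in _as_list(values))
    return found

def review_instance_role(trust_policy):
    """Return findings for a role intended for an EC2 instance profile."""
    principals = assuming_principals(trust_policy)
    findings = []
    if EC2 not in principals:
        findings.append("ec2.amazonaws.com is not trusted: instances cannot get credentials")
    for kind, value in sorted(principals - {EC2}):
        if value == "*":
            findings.append("wildcard principal can assume the role")
        else:
            findings.append(f"extra trusted principal {kind}:{value}")
    return findings

if __name__ == "__main__":
    for name, policy in [("ec2", EC2_TRUST), ("beanstalk", BEANSTALK_TRUST),
                         ("wildcard", WILDCARD_TRUST)]:
        print(name, json.dumps(review_instance_role(policy)))
```

A role that trusts only `elasticbeanstalk.amazonaws.com` produces the "not trusted" finding, which matches the answer's point that the instances themselves obtain credentials through EC2 even when Elastic Beanstalk launches them.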

#2


0  

Rule of thumb with AWS, only create the resources you need. The reason for this is that AWS charges you for everything that you use. Now with that said, if you only need an EC2 that can communicate with your S3, then go with an EC2 only. EC2's are sorta like your base server, and you can always link one to your Elastic Beanstalk (if in fact you want to utilize that service later on).

Note, if you eventually begin using your S3 to show content to your users (e.g. your images, videos, etc.), then you should use CloudFront as your CDN to control things like caching, speed, and availability across various regions.

Hope this helps.

#3


0  

The AWS document is merely an example (Apply IAM on EC2). You don't need to follow the document mechanically, because your case is different, applying IAM on different type(s) of AWS services.
