setting-up-ec2-instance-profiles
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseSetting Up EC2 Instance Profiles
配置EC2实例配置文件
Overview
概述
Domain expertise for granting EC2 instances secure access to AWS services using IAM roles
and instance profiles. Covers the full lifecycle: identifying required permissions, creating
or reusing IAM roles with least-privilege policies, creating instance profiles, attaching
them to EC2 instances, and verifying credential availability.
本领域技能专注于使用IAM角色和实例配置文件为EC2实例授予对AWS服务的安全访问权限。涵盖完整生命周期:识别所需权限、创建或复用遵循最小权限原则的IAM角色、创建实例配置文件、将其附加到EC2实例,以及验证凭证可用性。
Configure an EC2 instance profile
配置EC2实例配置文件
To set up an IAM role and instance profile for an EC2 instance, follow the procedure exactly.
See EC2 instance profile setup procedure.
要为EC2实例设置IAM角色和实例配置文件,请严格遵循以下步骤。详见EC2实例配置文件设置流程。
Troubleshooting
故障排查
Instance not found
实例未找到
Verify the instance ID and region are correct. List instances with .
aws ec2 describe-instances --region <region>验证实例ID和区域是否正确。使用命令列出实例。
aws ec2 describe-instances --region <region>Instance already has a profile
实例已关联配置文件
The procedure handles replacement — it will prompt before disassociating the existing profile.
本流程支持替换操作——在解除现有配置文件关联前会进行提示。
Credentials not available after attachment
附加后凭证不可用
Instance profile propagation can take 30–60 seconds. Applications may need a restart to pick up new credentials.
实例配置文件的传播可能需要30–60秒。应用程序可能需要重启才能获取新凭证。
Access denied errors
访问被拒绝错误
Check that the role's policies include the required actions and resource ARNs. Review CloudTrail logs for the specific denied action.
检查角色的策略是否包含所需的操作和资源ARN。查看CloudTrail日志以了解具体的被拒绝操作。
Application still uses hardcoded credentials
应用仍在使用硬编码凭证
Remove credentials from config files, environment variables (, ), and . The SDK default credential chain will then use the instance profile.
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY~/.aws/credentials从配置文件、环境变量(、)以及中移除凭证。SDK默认凭证链随后将使用实例配置文件。
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY~/.aws/credentials