推荐的方法来管理多个AWS帐户的凭据?多个、凭据、方法来、帐户
什么是管理多个亚马逊网络服务(AWS)的最佳方式帐户通过博托?
What is the best way to manage multiple Amazon Web Services (AWS) accounts through boto?
我所熟悉的 BotoConfig 的文件,这些文件我使用。但是,每一个文件描述只有一个帐户...,我有更多的不仅仅是一个组织工作。对于所有常用的法律,金融和安全方面的原因,这些帐户不能混用。
I am familiar with BotoConfig files, which I'm using. But each file describes only a single account...and I am working with more than just the one organization. For all the usual legal, financial, and security reasons, those accounts cannot be commingled.
目前我使用的每个账户有一个博托配置文件。例如:
Currently I am using one boto config file per account. E.g.:
〜/ .boto 默认帐号
〜/ .boto_clowncollege 为clowncollege帐户
〜/ .boto_razorassoc 为razorassoc帐户
〜/ .boto_xyz 的某某账户
~/.boto default account
~/.boto_clowncollege for "clowncollege" account
~/.boto_razorassoc for "razorassoc" account
~/.boto_xyz for "xyz" account
然后是这样的:
def boto_config_path(account=None):
"""
Given an account name, return the path to the corresponding boto
configuration file. If no account given, return the default config file.
"""
path = '~/.boto' + ('_' + account if account else '')
clean_path = os.path.abspath(os.path.expanduser(path))
if os.path.isfile(clean_path):
return clean_path
else:
errmsg = "cannot find boto config file {} for {}".format(clean_path, account)
raise ValueError(errmsg)
def aws_credentials(account=None):
"""
Return a tuple of AWS credentials (access key id and secret access key) for
the given account.
"""
try:
cfg = INIConfig(open(boto_config_path(account)))
return ( cfg.Credentials.aws_access_key_id, cfg.Credentials.aws_secret_access_key )
except Exception:
raise
conn = EC2Connection(*aws_credentials('razorassoc'))
好是坏,还是无动于衷?改进建议?
Good, bad, or indifferent? Suggested improvements?
推荐答案
在未来,博托将提供更好的工具来帮助你管理多个证书,但在目前,有一些环境变量可能会助阵。
In the future, boto will provide better tools to help you manage multiple credentials but at the moment, there are a couple of environment variables that might help out.
首先,你可以设置BOTO_CONFIG以指向你想使用一个博托配置文件,它会覆盖在正常的位置找到的任何配置文件。
First, you can set BOTO_CONFIG to point to a boto config file that you want to use and it will override any config file found in the normal locations.
其次,你可以设置BOTO_PATH的地方寻找一个博托配置文件中的冒号分隔的列表,它会搜索那里第一次,之前正常的搜索位置。
Secondly, you can set BOTO_PATH to a colon-separated list of places to look for a boto config file and it will search there first, prior to the normal search locations.
你想要什么,但它可能更容易实现与少一点code这两个时间都不给你。
Neither of those give you exactly what you want but it may make it easier to accomplish with a bit less code.
如果您有关于你将如何喜欢这个想法博托工作,请让我知道!
If you have ideas about how you would like this to work in boto, please let me know!
