我正在使用userdata属性来运行一个脚本,该脚本在联机时将实例连接到域
像这样传递信用:
$ADUser = 'me' $ADPassword = 'Pass' $ADPassword = $ADPassword | ConvertTo-securestring -AsPlainText -Force $ADCred = New-Object System.Management.Automation.PSCredential -ArgumentList $ADUser,$ADPassword Add-Computer -Credential $ADCred -DomainName mydom.local -NewName testing Restart-Computer -force
我正在使用New-EC2Instance cmdlet启动它并将此脚本作为userdata传递
我的凭据是否可以在aws日志中显示错误输出?或者别的地方?在将证书注入PS命令之前,凭证是安全的,我担心它在AWS中的位置.
AWS文档强调:
Important
Although you can only access instance Metadata and user data from within the instance itself,the data is not protected by cryptographic methods. Anyone who can access the instance can view its Metadata. Therefore,you should take suitable precautions to protect sensitive data (such as long-lived encryption keys). You should not store sensitive data,such as passwords,as user data.
资料来源:http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
相反,为EC2实例创建IAM角色,并赋予其执行需要执行的操作的权限.然后,启动EC2实例时,将IAM角色分配给EC2实例(以后不能分配).
原文地址:https://www.jb51.cc/windows/366964.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。