Following the steps in the documentation http://ift.tt/PkkBhZ:
Prepare the bundle to upload to Amazon S3 using the ec2-bundle-vol command. Be sure to specify the -e option to exclude the directory where your credentials are stored.
For my instance my credentials are stored:
- In environment variables. And also in bashrc so each terminal has access to them
- In an ini file of my webservers home directory var/www, as per the PHP AWS SDK
If the purpose of is to create an AMI that can be stored in S3 and used to spin up new instances with, don't I want these credentials present on the AMI? Otherwise before I launch each EC2 with this new custom AMI I have to add the credentials to it each time?
Similarly, by default the
By default, the bundle process excludes files that might contain sensitive information. These files include *.sw, *.swo, *.swp, *.pem, *.priv, id_rsa, id_dsa *.gpg, *.jks, */.ssh/authorized_keys, and */.bash_history. To include all of these files, use the --no-filter option. To include some of these files, use the --include option.
Again, wouldn't I want to include all of these things?
I am the only one on the AWS account though I have set up an IAM user which I use. Uploading this AMI to S3 with no exclude option and using --no-filter should be fine shouldn't it? It's not like anyone else can access it? So I'm confused why the documentation is advising this.
Aucun commentaire:
Enregistrer un commentaire