2 個答案
- 最新
- 最多得票
- 最多評論
1
I think you'll need to authenticate with MFA before running the "push" command. These instructions might be helpful: https://aws.amazon.com/premiumsupport/knowledge-center/authenticate-mfa-cli/
已回答 2 年前
0
Thanks, yes it appears mfa_serial
is not useful in this scenario.
Here are the steps I took to push an image:
- Set up your default profile in ~/.aws/credentials so you can call
get-session-token
:
[default]
aws_access_key_id=example-access-Key-for-an-IAM-user
aws_secret_access_key=example-secret-access-key-for-IAM-user
- Set up a profile in ~/.aws/credentials to use with Lightsail:
[mfa]
aws_access_key_id=<not available yet>
aws_secret_access_key=<not available yet>
aws_session_token=<not available yet>
- Create an entry in ~/.aws/config for your role that will use the
[mfa]
profile:
[profile mfa-dev]
source_profile=mfa
role_arn=arn:aws:iam::<account_id>:role/<role>
- Call
get-session-token
, passing in the token code from your MFA device:
$ aws --profile default sts get-session-token --serial-number arn:aws:iam::<account_id>:mfa/<user> --token-code xxxxxx
- This will return credentials in JSON format. Copy the JSON values into your
[mfa]
profile in**~/.aws/credentials** :
[mfa]
aws_access_key_id=<value from JSON>
aws_secret_access_key=<value from JSON>
aws_session_token=<value from JSON>
- Set your environment to use the
[mfa-dev]
profile (this is in Powershell):
$env:AWS_PROFILE = "mfa-dev"
- Push the image
$ aws lightsail push-container-image --service-name <service> --label <label> --image <image>
已回答 2 年前
相關內容
- AWS 官方已更新 2 年前