Question

I am exploring Amazon IAM roles. I want to know how we can apply IAM roles to an EC2 instance to access an application.

Any lead is highly appreciated.

Thanks


Solution

You can attach a Role to an Instance to provide this instance with specific permissions to use the AWS API.

For example: you deploy a Java application on Tomcat and you want your application to use DynamoDB or S3... You need an ACCESS KEY and SECRET KEY with proper permissions. How would your application get these? A configuration file? Burned into the AMI? Stored in a database? ... None of these are secure and manageable at large scale.

This is where a Role kicks in.

  • You define a role in IAM and attach a couple of permissions to it.
  • When you create the instance, you attach the role (you cannot do that at a later time!)
  • From the instance, a private web service will give access to a temporary ACCESS KEY and SECRET KEY, limited to the permissions specified in the role.

The best part is that the AWS SDKs know about that and can dynamically and automatically get the keys for you.

Check out the doc for more details: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
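The credential lookup described in the answer, as an added example that is not part of the original answer and is not AWS SDK code: it reads the role's temporary keys from the instance metadata endpoint and refreshes them before their `Expiration` time. The `RoleCredentials` class, `make_fake_imds`, the role name `demo-app-role` and all key values are assumptions constructed for illustration so the code also runs off-instance.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

IMDS = "http://169.254.169.254/latest"  # link-local metadata service on EC2
BASE = "/meta-data/iam/security-credentials/"

def imds_fetch(path):
    """Real fetcher (works only on an instance): IMDSv2 session token, then GET."""
    req = urllib.request.Request(IMDS + "/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    token = urllib.request.urlopen(req, timeout=2).read().decode()
    req = urllib.request.Request(IMDS + path, headers={"X-aws-ec2-metadata-token": token})
    return urllib.request.urlopen(req, timeout=2).read().decode()

class RoleCredentials:
    """Caches the role's temporary keys and refreshes them shortly before expiry."""
    def __init__(self, fetch=imds_fetch, margin=timedelta(minutes=5)):
        self.fetch, self.margin = fetch, margin
        self.creds, self.expires = None, None

    def get(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self.creds is None or now >= self.expires - self.margin:
            roles = self.fetch(BASE).split()        # name of the attached role
            if not roles:
                raise RuntimeError("no IAM role attached to this instance")
            doc = json.loads(self.fetch(BASE + roles[0]))
            if doc.get("Code") != "Success":
                raise RuntimeError("role credentials unavailable: %s" % doc.get("Code"))
            self.expires = datetime.strptime(
                doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            self.creds = {k: doc[k] for k in ("AccessKeyId", "SecretAccessKey", "Token")}
        return self.creds

def make_fake_imds(expirations):
    """Constructed stand-in for the metadata service; every value below is fake."""
    state = {"n": 0}
    def fetch(path):
        if path == BASE:
            return "demo-app-role\n"
        state["n"] += 1
        return json.dumps({"Code": "Success", "Type": "AWS-HMAC",
                           "AccessKeyId": "ASIAEXAMPLE%d" % state["n"],
                           "SecretAccessKey": "constructed-secret",
                           "Token": "constructed-session-token",
                           "Expiration": expirations[state["n"] - 1]})
    return fetch
```

On a real instance, `RoleCredentials().get()` uses `imds_fetch`; the keys never appear in a configuration file or in the AMI, and the `Token` value must be sent along with the two keys when signing requests.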

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow