Reputation: 249
EC2 instance to assume an IAM role so that I don't have to enter token everytime to use services on AWS
On my client's AWS account, security credentials are generated everytime we login to their AWS sandbox account. This credentials file is automatically generated and downloaded via a Chrome plugin(SAML to AWS STS Key Conversion).
We then have to place the generated content to the ./aws/credentials file inside an EC2 instance in the same AWS account. This is little inconvenient as we have to update the generated credentials and session_token into the credentials file inside the EC2 instance every time we launch a Terraform script.
Is there any way we can attach any role so that we can just use the EC2 instance without entering the credentials into the credentials file. Please suggest.
Upvotes: 0
Views: 270
Answers (1)
Reputation: 78850
Work out what a reasonable, minimal set of permissions the Terraform script needs to create its AWS resources, then create an IAM role with those permissions, then add that IAM role to the instance (or launch a new instance with the role). Don't have a ~/.aws/credentials file on the instance or it will take precedence over the IAM role-based credentials.
Upvotes: 2
Related Questions
- How do I create an IAM role in Terraform for Amazon ECR?
- Attach IAM role to existing EC2 instance using terraform
- How can i provision IAM Role in aws with terraform?
- Terraform: Attaching an unmanaged IAM role
- Create and attach IAM role to EC2 using terraform
- Modify EC2 service role so that it can be assumed by an IAM user in the same account
- Creating an AWS Service Role with Terraform
- Use IAM role instead of credentials to create aws resource from an EC2 instance using terraform
- How to create roles in terraform
- Terraform using IAM role assume