SRaj

Reputation: 1328

AWS EC2 IAM policy by default

I have a bastion host in a public subnet which I am going to use to log in to another EC2 instance in a private subnet. I have set it up and everything is working fine (Linux ssh). But I am curious to know whether any IAM role will come into play here if I do not specify anything explicitly. Can anyone please let me know?

Upvotes: 0

Views: 462

Answers (1)

John Rotenstein

Reputation: 269101

IAM Roles are used to provide credentials for making API calls to AWS. For example, they might be calls to launch Amazon EC2 instances or to change network settings.

Based on your description, your bastion server does not need to make any API calls to AWS, so an IAM Role is not required.

Authentication for SSH is performed by the Linux operating system using keypairs. This is 'normal' Linux and does not involve AWS (except that AWS can generate keypairs for you if you do not wish to import your own keypairs).

By the way, instead of using SSH via a Bastion server, you could consider using AWS Systems Manager Session Manager, which can provide SSH-like connectivity including to instances in private subnets.

Upvotes: 2
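Added example, not part of the original answer: one way to confirm that an instance has no IAM role unless one was attached explicitly is to read the output of `aws ec2 describe-instances` and list each instance's `IamInstanceProfile`, a key that is absent when no role is attached. The JSON below is constructed sample data with placeholder IDs, and the helper names `name_tag` and `role_report` are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output.
# Instance IDs, the account ID and the profile name are placeholders.
SAMPLE = json.loads("""
{
  "Reservations": [
    {"Instances": [
      {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
       "PublicIpAddress": "203.0.113.10",
       "Tags": [{"Key": "Name", "Value": "bastion"}]},
      {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
       "Tags": [{"Key": "Name", "Value": "private-app"}],
       "IamInstanceProfile": {
         "Arn": "arn:aws:iam::111122223333:instance-profile/example-app-profile",
         "Id": "AIPAEXAMPLEEXAMPLE"}}
    ]}
  ]
}
""")


def name_tag(instance):
    """Return the value of the instance's Name tag, or '' if it has none."""
    for tag in instance.get("Tags", []):
        if tag.get("Key") == "Name":
            return tag.get("Value", "")
    return ""


def role_report(describe_output):
    """List every instance with its instance profile ARN (None = no IAM role)."""
    report = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            profile = inst.get("IamInstanceProfile")  # key is omitted when no role is attached
            report.append({
                "id": inst["InstanceId"],
                "name": name_tag(inst),
                "public": "PublicIpAddress" in inst,
                "profile_arn": profile["Arn"] if profile else None,
            })
    return report


if __name__ == "__main__":
    for row in role_report(SAMPLE):
        status = row["profile_arn"] or "no IAM role attached"
        print(f'{row["id"]} ({row["name"]}): {status}')
```

To check a real account, replace `SAMPLE` with the parsed output of `aws ec2 describe-instances --output json`.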
