korpe

Reputation: 93

How to deploy an application using IAM Identity to access AWS SDK when session expires every X hours

I am new to AWS and I finally figured out how to set up IAM Identity to use the SDK. However, to use it I need to use my CLI to log in to initiate a new session, which requires a browser to open and some fancy 2-factor method using my phone.

Something does not seem right because once my application gets bundled up into a container, how am I expected to refresh the session every 12 hours, for each container I run?

I have considered the long-term auth method but AWS strongly recommends against that.

Upvotes: 0

Views: 102

Answers (1)

Mohammad Ghonaim

Reputation: 434

AWS provides a machine role, which is an IAM role that generates temporary credentials and is associated with the container or the virtual machines on which the application runs. Utilizing such roles, you don't need to specify/configure access credentials when using the SDK. Details are here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html. This method is the appropriate way to give programmatic access to AWS services from applications that run on AWS infrastructure.

Upvotes: 0
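A startup check for the approach in the answer above, as an added example that is not part of the original answer: it inspects the container's environment and refuses to run on long-term keys, so the SDK falls through to role-issued temporary credentials. The function names are hypothetical, the environment variable names and the `AKIA`/`ASIA` key prefixes are the standard AWS ones, and the precedence shown is a simplified model of the SDK's default credential chain (assumption).

```python
import os

# Access key ID prefixes documented by AWS: AKIA = long-term IAM user key,
# ASIA = temporary key issued by STS.
LONG_TERM_PREFIX = "AKIA"
TEMPORARY_PREFIX = "ASIA"


def classify_credential_source(env):
    """Return (source, is_long_term) for a container's environment mapping.

    Environment keys are checked first because the SDKs prefer them over
    role-based providers, so a stray static key silently overrides the role.
    """
    key_id = env.get("AWS_ACCESS_KEY_ID", "")
    if key_id:
        has_token = bool(env.get("AWS_SESSION_TOKEN"))
        if key_id.startswith(LONG_TERM_PREFIX) and not has_token:
            return ("static-env-keys", True)
        if key_id.startswith(TEMPORARY_PREFIX) and has_token:
            # Temporary, but injected by hand: it expires and nothing renews it.
            return ("temporary-env-keys", False)
        return ("unrecognized-env-keys", True)  # treat unknown shapes as unsafe
    if env.get("AWS_WEB_IDENTITY_TOKEN_FILE") and env.get("AWS_ROLE_ARN"):
        return ("web-identity-role", False)      # e.g. EKS service account role
    if (env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
            or env.get("AWS_CONTAINER_CREDENTIALS_FULL_URI")):
        return ("container-task-role", False)    # e.g. ECS task role
    # Nothing in the environment: the SDK falls through to profile files or
    # the EC2 instance metadata service. Profile files are not inspected here.
    return ("no-env-credentials", False)


def startup_check(env=None):
    """Raise if the process would run on long-term keys; return the source."""
    source, is_long_term = classify_credential_source(
        os.environ if env is None else env)
    if is_long_term:
        raise RuntimeError(f"refusing to start: {source} found in environment")
    return source


if __name__ == "__main__":
    # Constructed sample environments (values are placeholders, not real keys).
    print(startup_check({"AWS_CONTAINER_CREDENTIALS_RELATIVE_URI": "/v2/credentials/EXAMPLE"}))
    print(startup_check({}))
```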
