[Recipes] Using IAM Roles Instead of Configuring Credentials in AWS Command Line

Problem: 

Configuring credentials through the AWS CLI on an EC2 instance is not considered good practice. Use IAM roles instead.

Solution Summary: 

We will configure and use an IAM role instead of configuring credentials in the AWS CLI.

Prerequisites: 

Created and launched an EC2 instance.

Solution Steps: 

  1. Log in to the AWS console and go to IAM:

    1. Go to Roles (side menu)

    2. Create a role: give it any name, select Amazon EC2 as the role type, and attach the following policy: AmazonS3FullAccess.

  2. Go to EC2:

    1. Launch a new instance: select the Amazon Linux AMI and t2 micro, select the role we created under IAM role, tag it as (Key: Name, Value: DemoEC2-WithRoles), use the existing web dmz security group (or create one if needed), and use an existing EC2 key pair (or create one if needed).

    2. Verify that role is attached from the dashboard.

    3. Wait until the EC2 instance is up and running.

  3. Connect to the EC2 instance through ssh and elevate privileges: sudo su

  4. Verify that there is no .aws folder:

    1. cd ~

    2. ls -a

  5. Run again: aws s3 ls

    1. It should list your S3 buckets.

  6. Try running: aws s3 help

    1. It should give a good description of this command with all available options.

  7. Remove the EC2 instance.

  8. Remove the user(s) created.
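The check in step 4 can be widened, as an added example that is not part of the original recipe: static keys in `~/.aws` files or in environment variables take precedence over the instance role in the AWS CLI credential chain, so both are worth ruling out before trusting step 5. The function names `find_static_aws_creds` and `show_credential_source` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original recipe). Function names are hypothetical.

# Print one line per static-credential finding under the given home directory
# and in the environment. Returns 0 if clean, 1 if anything was found.
find_static_aws_creds() {
    _home="$1"
    _found=0
    # Long-term keys saved by `aws configure` live in these two files.
    for _f in "$_home/.aws/credentials" "$_home/.aws/config"; do
        if [ -f "$_f" ] && grep -Eqi \
            '^[[:space:]]*aws_(access_key_id|secret_access_key)[[:space:]]*=' "$_f"; then
            echo "static keys in $_f"
            _found=1
        fi
    done
    # Exported keys are consulted before the instance role.
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] || [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "static keys in environment variables"
        _found=1
    fi
    return "$_found"
}

# Show which credential source the CLI actually resolved.
# Requires the aws CLI; on an instance with a role attached it also
# needs access to the instance metadata service.
show_credential_source() {
    if ! command -v aws >/dev/null 2>&1; then
        echo "aws CLI not installed"
        return 2
    fi
    # The Type column reads "iam-role" when the instance role is in use.
    aws configure list
    # The Arn field is an assumed-role ARN naming the instance role.
    aws sts get-caller-identity
}

# Typical use on the instance, before step 5:
#   find_static_aws_creds "$HOME" && show_credential_source
```

Run it as the same user that will call `aws s3 ls`, since after `sudo su` the home directory checked is root's.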

 

Exam Tips

  1. You can assign a role to an EC2 instance only when you create that instance. However, we can change the policy document for a role at any time.

  2. Roles are universal; you can use them in any region.

About

Cloudericks.com is my blog to share notes and learning materials on Cloud and Data Analytics. My current focus is on Amazon Web Services.

I like to write. I try to document what I learn and share with others. I believe that knowledge is useless unless you share it; the more you share, the more you learn.
