Run CLI command from an Instance without the security keys

February 16, 2022 at 6:26 pm Reply
Ron Hoffman	I have an EC2 instance and I want to run AWS CLI commands to take snapshots or connect with S3 but I don’t want to store my access keys and secret access keys or any other security credential on the instance. Can I do this without using Access keys and Secret Access Keys ?
This discussion contains 4 replies and has 118 views.

February 16, 2022 at 6:26 pm

Ron Hoffman

I have an EC2 instance and I want to run AWS CLI commands to take snapshots or connect with S3 but I don’t want to store my access keys and secret access keys or any other security credential on the instance.

Can I do this without using Access keys and Secret Access Keys ?

February 16, 2022 at 8:27 pm Reply
Taral Shah	You’ll need to create roles in IAM, and manage permissions to control which operations should be performed by the AWS service or resources. In this case, the AWS resource would assume the IAM role or IAM Role would work on behalf of the AWS user and perform the activity. The advantage of the IAM role is that the user needs to launch an instance with IAM role and then he can run all EC2 CLI commands or connect with other AWS resources without AWS credentials, provided the Role has access to all these resources.

February 16, 2022 at 8:27 pm

Taral Shah

You’ll need to create roles in IAM, and manage permissions to control which operations should be performed by the AWS service or resources. In this case, the AWS resource would assume the IAM role or IAM Role would work on behalf of the AWS user and perform the activity.

The advantage of the IAM role is that the user needs to launch an instance with IAM role and then he can run all EC2 CLI commands or connect with other AWS resources without AWS credentials, provided the Role has access to all these resources.

February 16, 2022 at 11:28 pm Reply
maxs	@Taral - Keep in mind that the IAM role has to be used with some resource or entity like EC2 instances, Auto Scaling, Cloudformation, VPC, Spot, or reserved instances. Consider this guide on how to automate EBS Volume Snapshots: http://phpstack-1446756-5421145.cloudwaysapps.com/how-to-automated-ebs-volume-snapshot/ - Here the user can run snapshot commands without using AWS credentials if the EC2 instance is launched with the IAM Role.

February 16, 2022 at 11:28 pm

maxs

@Taral -

Keep in mind that the IAM role has to be used with some resource or entity like EC2 instances, Auto Scaling, Cloudformation, VPC, Spot, or reserved instances. Consider this guide on how to automate EBS Volume Snapshots: http://phpstack-1446756-5421145.cloudwaysapps.com/how-to-automated-ebs-volume-snapshot/ - Here the user can run snapshot commands without using AWS credentials if the EC2 instance is launched with the IAM Role.

February 25, 2022 at 12:29 pm Reply
Larry W	on Amazon site - ”IAM roles allow you to delegate access to users or services that normally don’t have access to your organization’s AWS resources. IAM users or AWS services can assume a role to obtain temporary security credentials that can be used to make AWS API calls. Consequently, you don’t have to”. AWS explains IAM Roles on their site. Maybe this will help to clarify. - http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html

February 25, 2022 at 12:29 pm

Larry W

on Amazon site - ”IAM roles allow you to delegate access to users or services that normally don’t have access to your organization’s AWS resources. IAM users or AWS services can assume a role to obtain temporary security credentials that can be used to make AWS API calls. Consequently, you don’t have to”. AWS explains IAM Roles on their site. Maybe this will help to clarify. - http://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html

April 10, 2022 at 11:52 am Reply
Aldrin Leal	Two things: 1. Note that AWS Elastic Beanstalk does NOT support IAM Roles yet 2. When IAM Roles arent cut it, consider STS instead - Specially for Mobile Clients AWS provides a great insight on how to pick using the “AWS Hotel” Case: See http://aws.typepad.com/aws/2011/08/aws-identity-and-access-management-now-with-identity-federation.html for the original concept and http://aws.typepad.com/aws/2021/06/iam-roles-for-ec2-instances-simplified-secure-access-to-aws-service-apis-from-ec2.html for an update concerning IAM Instance Roles

April 10, 2022 at 11:52 am

Aldrin Leal

Two things:

1. Note that AWS Elastic Beanstalk does *NOT* support IAM Roles yet

2. When IAM Roles arent cut it, consider STS instead - Specially for Mobile Clients

AWS provides a great insight on how to pick using the “AWS Hotel” Case: See http://aws.typepad.com/aws/2011/08/aws-identity-and-access-management-now-with-identity-federation.html for the original concept and http://aws.typepad.com/aws/2021/06/iam-roles-for-ec2-instances-simplified-secure-access-to-aws-service-apis-from-ec2.html for an update concerning IAM Instance Roles

Run CLI command from an Instance without the security keys

Watch Newvem's Video

Hot Features

Some of Our Clients

Most Popular Posts

Company

Tips on AWS

AWS Solutions

CloudPedia

Azure

Contact Us

Run CLI command from an Instance without the security keys

Watch Newvem's Video

Hot Features

Some of Our Clients

Most Popular Posts

Tags

Stay connected