Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

SSM Automation - Download file from S3 - Assume Role

0

I am trying to figure out how to download file(s) from S3, using an SSM Automation document. Note, this is not a "Command" document type, as I need to use Assume Role. The instances themselves shouldn't have access to the bucket by default, which is why I need the Assume Role bit. DownloadContent with a "Command" document type requires the instance to have the IAM policies/roles attached that can read the bucket.

Is there a way to do this without having the iam policy on each instance being modified/have access to the bucket?

Themen
SpeicherSicherheit, Identität & KonformitätManagement & Unternehmensführung
Tags
Amazon Simple Storage ServiceAWS Identity and Access ManagementAWS Systemmanager
Sprache
English
raithedavion
gefragt vor 2 Jahren1390 Aufrufe
1 Antwort
0

With the information provided the easiest way I would find to do this is to first create a role with a policy that allows access to the bucket, then assign the role through the sts:AssumeRole action on the instance profile.

This should allow the instance to assume the role and have access to the bucket both manually and/or automating through SSM.

nissyangel
beantwortet vor 2 Jahren
  • raithedavion
    vor 2 Jahren

    Ya, trying to do this without putting permissions on an instance I don't want them to normally have. Really prefer to do this just through SSM's assume role.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt