SSM & DHMC - EC2 Credentials

0

I've been looking at DHMC which was announced a couple of months ago. I've followed the documentation at https://docs.aws.amazon.com/systems-manager/latest/userguide/managed-instances-default-host-management.html.

I've followed the steps in the document, then created an EC2 instance running Amazon Linux 2023 with no instance profile, and have updated amazon-ssm-agent, which now shows:

# yum info amazon-ssm-agent
Last metadata expiration check: 0:18:08 ago on Thu Apr 27 16:30:17 2023.
Installed Packages
Name         : amazon-ssm-agent
Version      : 3.2.815.0
Release      : 1
Architecture : x86_64
Size         : 100 M
Source       : amazon-ssm-agent-3.2.815.0-1.src.rpm
Repository   : @System
From repo    : @commandline
Summary      : Manage EC2 Instances using SSM APIs
URL          : http://docs.aws.amazon.com/ssm/latest/APIReference/Welcome.html
License      : Apache License, Version 2.0
Description  : This package provides Amazon SSM Agent for managing EC2 Instances using SSM APIs

Enabling DHMC, I can see the instance in Fleet Manager, and I can connect via Session Manager to the instance. However, if I try and run any AWS CLI commands, I get the error: Unable to locate credentials. You can configure credentials by running "aws configure".

Is there any way to assign the AWS identity automatically for the DHMC EC2 instances?

asked a year ago · 490 views
1 Answer
0

Yes, you can use an instance profile to automatically assign an AWS Identity and Access Management (IAM) role to your DHMC EC2 instances. To do so, you can create an IAM role with the necessary permissions and then create an instance profile that is associated with that role.

Here are the high-level steps to achieve this:

  1. Create an IAM role with the necessary permissions for your EC2 instances to interact with AWS services.
  2. Create an instance profile and associate it with the IAM role.
  3. Launch your DHMC EC2 instances with the instance profile.

Once you have done this, the AWS CLI should be able to automatically retrieve credentials for your IAM role and your EC2 instances will be able to interact with AWS services without having to manually configure credentials.

You can find more detailed instructions on how to create an IAM role and instance profile in the AWS documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role.

hash
answered a year ago
  • Hi, manually attaching the instance profile to the EC2 instance works fine, but is there a way to make the DHMC role assumed by all the EC2 instances automatically?
