En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Dynamically assign an IAM Role between an IAM user and and EC2 instance

0

I have an IAM Role created; currently assigned to an EC2 instance and works great. How do I dynamically assign the same IAM Role between an IAM user and an EC2 instance? Thanks!

Sujets
Sécurité, identité et conformité
Balises
Politiques IAM
Langue
English
AWS-User-5348318-bs
demandé il y a 2 ans647 vues
2 réponses
1

In short: Please don't!
Instances (systems) usually have a usage pattern that is totally different from humans. Mixing up their rights is a bound to conflict with the principle of "least privilege".

If somehow you have a use-case that requires this (please double-check!):

  • Write the policy into a managed policy
  • Attach it to the instance profile
  • Attach it to the user (or better, their group)
profile pictureAWS
Obijan
répondu il y a 2 ans
1

Update the Trust Policy of the role to something like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com",
                "AWS": "arn:aws:iam::0123456789012:user/johnsmith"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
profile pictureAWS
EXPERT
kentrad
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents