- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Hi! Lightsail uses a service-linked role in IAM which means that it is the service itself which has access to KMS to do what is needed for operating Lightsail. You can read more about that here https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-service-linked-roles
Hope this helps!
I am not the one asking the question, but I am simply curious.
In the Lightsail documentation that Bent_T referred me to, it appears that service-linked role do not have permission to access KMS.
It also states that service-linked role cannot be edited.
If this is the case, is it still possible to access KMS with service-linked role?
Incidentally, one method I have found for accessing other AWS services from Lightsail is to use the credentials of an IAM user. [1]
[1] amazon web services - Can I access AWS Parameter store from Lightsail instance?
https://stackoverflow.com/questions/71818943/can-i-access-aws-parameter-store-from-lightsail-instance
The answer of service linked role provided was not helpful. What we did was create a IAM service account, provided IAM permissions for KMS. Then used API keys to encrypt/decrypt within my application hosted in Lightsail.
Contenuto pertinente
- AWS UFFICIALEAggiornata 3 anni fa
- Come posso risolvere gli errori 400 con accesso negato per il testo criptato di AWS KMS in AWS Glue?AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata un anno fa
Please clarify how you would like to access the KMS.
Are you a developer using an IAM user who wants to access KMS?
Or is it an application in Lightsail?