SSM Automation - Download file from S3 - Assume Role

0

I am trying to figure out how to download file(s) from S3, using an SSM Automation document. Note, this is not a "Command" document type, as I need to use Assume Role. The instances themselves shouldn't have access to the bucket by default, which is why I need the Assume Role bit. DownloadContent with a "Command" document type requires the instance to have the IAM policies/roles attached that can read the bucket.

Is there a way to do this without having the IAM policy on each instance being modified/have access to the bucket?

1 Answer
0

With the information provided, the easiest way I would find to do this is to first create a role with a policy that allows access to the bucket, then assign the role through the sts:AssumeRole action on the instance profile.

This should allow the instance to assume the role and have access to the bucket both manually and/or automating through SSM.

answered 2 years ago
  • Ya, trying to do this without putting permissions on an instance I don't want them to normally have. Really prefer to do this just through SSM's assume role.
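
The setup described in the answer, written as a CloudFormation template. This is an added example, not code from the original thread; the parameter names, resource names and policy names are hypothetical, and it assumes the instance role already exists in the same account with no IAM path.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - S3 read role assumable by an existing instance role
Parameters:
  BucketName:          # assumption: bucket that holds the files to download
    Type: String
  InstanceRoleName:    # assumption: role already attached to the instance profile
    Type: String
Resources:
  # Dedicated role that carries the only S3 permissions in this setup.
  BucketReadRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:   # trust policy: only the instance role may assume it
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/${InstanceRoleName}"
            Action: sts:AssumeRole
      Policies:
        - PolicyName: read-bucket
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: s3:GetObject        # read objects only, no write or delete
                Resource: !Sub "arn:${AWS::Partition}:s3:::${BucketName}/*"
              - Effect: Allow
                Action: s3:ListBucket
                Resource: !Sub "arn:${AWS::Partition}:s3:::${BucketName}"
  # The instance role gets no S3 actions, only the right to assume the role above.
  AllowInstanceToAssume:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: assume-bucket-read-role
      Roles:
        - !Ref InstanceRoleName
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: sts:AssumeRole
            Resource: !GetAtt BucketReadRole.Arn   # scoped to this one role, not "*"
Outputs:
  BucketReadRoleArn:
    Value: !GetAtt BucketReadRole.Arn
```

With this in place the instance role holds no direct bucket permissions, but any process on the instance can still obtain temporary read access by assuming the role in `BucketReadRoleArn`, which is the exposure the comment above wants to avoid.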
