- 新しい順
- 投票が多い順
- コメントが多い順
When you create a role for EC2 https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role you should select EC2 as the service in the first screen of the IAM create role UI. This service is the one that has permission to assume the role, so you need to grant EC2 permission to assume the role in order to provide the credentials to the instance.
On the next screen where you are attaching policies to the role, you would select SecretsManagerReadWrite which grants permission for "secretsmanager:*" as well as a number of other permissions. Alternatively, if you know exactly what permissions you need on the instance, you could skip attaching a policy and write a stripped down in-line policy to provide least privileges to the instance.
関連するコンテンツ
- AWS公式更新しました 1年前