- 新しい順
- 投票が多い順
- コメントが多い順
Hi! Lightsail uses a service-linked role in IAM which means that it is the service itself which has access to KMS to do what is needed for operating Lightsail. You can read more about that here https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-service-linked-roles
Hope this helps!
I am not the one asking the question, but I am simply curious.
In the Lightsail documentation that Bent_T referred me to, it appears that service-linked role do not have permission to access KMS.
It also states that service-linked role cannot be edited.
If this is the case, is it still possible to access KMS with service-linked role?
Incidentally, one method I have found for accessing other AWS services from Lightsail is to use the credentials of an IAM user. [1]
[1] amazon web services - Can I access AWS Parameter store from Lightsail instance?
https://stackoverflow.com/questions/71818943/can-i-access-aws-parameter-store-from-lightsail-instance
The answer of service linked role provided was not helpful. What we did was create a IAM service account, provided IAM permissions for KMS. Then used API keys to encrypt/decrypt within my application hosted in Lightsail.
関連するコンテンツ
AWS公式更新しました 3年前- AWS公式更新しました 1年前
- AWS公式更新しました 3年前
Please clarify how you would like to access the KMS.
Are you a developer using an IAM user who wants to access KMS?
Or is it an application in Lightsail?