SSM Automation - Download file from S3 - Assume Role

0

I am trying to figure out how to download file(s) from S3, using an SSM Automation document. Note, this is not a "Command" document type, as I need to use Assume Role. The instances themselves shouldn't have access to the bucket by default, which is why I need the Assume Role bit. DownloadContent with a "Command" document type requires the instance to have the IAM policies/roles attached that can read the bucket.

Is there a way to do this without having the IAM policy on each instance being modified/have access to the bucket?

1 Answer
0

With the information provided, the easiest way I would find to do this is to first create a role with a policy that allows access to the bucket, then assign the role through the sts:AssumeRole action on the instance profile.

This should allow the instance to assume the role and have access to the bucket both manually and/or automating through SSM.

Answered 2 years ago
  • Ya, trying to do this without putting permissions on an instance I don't want them to normally have. Really prefer to do this just through SSM's assume role.
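
The role setup described in the answer above, as an added example that is not part of the original thread: it builds the three policy documents involved and checks that the instance role itself carries no S3 action, only `sts:AssumeRole` on one role. The account ID, role names, bucket, prefix and profile name are constructed placeholders.

```python
import json

# Constructed placeholder values; none of these names come from the thread.
ACCOUNT_ID = "111122223333"
INSTANCE_ROLE = "example-instance-role"   # role in the instance profile
BUCKET_ROLE = "example-s3-read-role"      # role that can read the bucket
BUCKET, PREFIX = "example-bucket", "artifacts/"

def role_arn(name):
    return f"arn:aws:iam::{ACCOUNT_ID}:role/{name}"

def policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

def bucket_role_trust_policy():
    # Trust policy on the bucket role: only the instance role may assume it.
    return policy({"Effect": "Allow",
                   "Principal": {"AWS": role_arn(INSTANCE_ROLE)},
                   "Action": "sts:AssumeRole"})

def bucket_role_permissions():
    # Read-only, limited to one prefix of one bucket.
    return policy({"Effect": "Allow", "Action": "s3:GetObject",
                   "Resource": f"arn:aws:s3:::{BUCKET}/{PREFIX}*"})

def instance_role_policy():
    # The instance gets no s3:* action, only the right to assume one role.
    return policy({"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Resource": role_arn(BUCKET_ROLE)})

def grants_s3_directly(doc):
    # True if any Allow statement names an S3 action or a wildcard action.
    for st in doc["Statement"]:
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        if st["Effect"] == "Allow" and any(
                a == "*" or a.lower().startswith("s3:") for a in acts):
            return True
    return False

def cli_profile():
    # AWS CLI profile for the instance: assume the bucket role, using the
    # instance profile credentials as the source.
    return (f"[profile s3-read]\nrole_arn = {role_arn(BUCKET_ROLE)}\n"
            "credential_source = Ec2InstanceMetadata\n")

if __name__ == "__main__":
    for build in (bucket_role_trust_policy, bucket_role_permissions,
                  instance_role_policy):
        print(build.__name__, json.dumps(build(), indent=2))
    print(cli_profile())
```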
