When you create a role for EC2 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role), you should select EC2 as the service in the first screen of the IAM create role UI. This service is the one that has permission to assume the role, so you need to grant EC2 permission to assume the role in order to provide the credentials to the instance.
On the next screen, where you are attaching policies to the role, you would select SecretsManagerReadWrite, which grants permission for "secretsmanager:*" as well as a number of other permissions. Alternatively, if you know exactly what permissions you need on the instance, you could skip attaching a policy and write a stripped-down inline policy to provide least privilege to the instance.
OK, thanks, now it is clearer.