Lightsail and KMS


I created a IAM user with access to Lightsail and KMS. Is this sufficient to call KMS? Since KMS is a core service, it will be helpful if you can bring KMS like S3 within Lightsail console.

  • Please clarify how you would like to access the KMS.
    Are you a developer using an IAM user who wants to access KMS?
    Or is it an application in Lightsail?

asked 2 years ago476 views
2 Answers

Hi! Lightsail uses a service-linked role in IAM which means that it is the service itself which has access to KMS to do what is needed for operating Lightsail. You can read more about that here

Hope this helps!

profile pictureAWS
answered 2 years ago
  • I am not the one asking the question, but I am simply curious.

    In the Lightsail documentation that Bent_T referred me to, it appears that service-linked role do not have permission to access KMS.

    It also states that service-linked role cannot be edited.

    If this is the case, is it still possible to access KMS with service-linked role?

    Incidentally, one method I have found for accessing other AWS services from Lightsail is to use the credentials of an IAM user. [1]

    [1] amazon web services - Can I access AWS Parameter store from Lightsail instance?

Accepted Answer

The answer of service linked role provided was not helpful. What we did was create a IAM service account, provided IAM permissions for KMS. Then used API keys to encrypt/decrypt within my application hosted in Lightsail.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions