SSM Automation - Download file from S3 - Assume Role
I am trying to figure out how to download file(s) from S3, using an SSM Automation document. Note, this is not a "Command" document type, as I need to use Assume Role. The instances themselves shouldn't have access to the bucket by default, which is why I need the Assume Role bit. DownloadContent with a "Command" document type requires the instance to have the IAM policies/roles attached that can read the bucket.
Is there a way to do this without having the iam policy on each instance being modified/have access to the bucket?
With the information provided the easiest way I would find to do this is to first create a role with a policy that allows access to the bucket, then assign the role through the sts:AssumeRole action on the instance profile.
This should allow the instance to assume the role and have access to the bucket both manually and/or automating through SSM.
Ya, trying to do this without putting permissions on an instance I don't want them to normally have. Really prefer to do this just through SSM's assume role.
AWS S3 tar.gz compressed files issue after download from S3asked 5 years ago
Can't download file from S3 bucket in another accountasked 2 years ago
Batch download files from multiple different folders in the same S3 bucketasked 3 months ago
S3 download large files (.Net)asked 5 months ago
Running an automation document starting from a specific step?Accepted Answerasked 4 months ago
SSM Automation Run Command longer than default 3600 secondsasked 5 years ago
SSM Automation - Download file from S3 - Assume Roleasked 2 months ago
Download an object from S3 in a run documentasked 3 years ago
How to Download any file from s3 using the pyspark kernel in emr notebook ?asked 2 years ago
AWS Trigger Automation from CloudWatch scheduled eventasked 3 years ago