使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

SSM Automation - Download file from S3 - Assume Role

0

I am trying to figure out how to download file(s) from S3, using an SSM Automation document. Note, this is not a "Command" document type, as I need to use Assume Role. The instances themselves shouldn't have access to the bucket by default, which is why I need the Assume Role bit. DownloadContent with a "Command" document type requires the instance to have the IAM policies/roles attached that can read the bucket.

Is there a way to do this without having the iam policy on each instance being modified/have access to the bucket?

主題
儲存空間安全性、身分識別與合規管理與治理
標籤
Amazon Simple Storage ServiceAWS Identity and Access ManagementAWS Systems Manager
語言
English
raithedavion
已提問 2 年前檢視次數 1390 次
1 個回答
0

With the information provided the easiest way I would find to do this is to first create a role with a policy that allows access to the bucket, then assign the role through the sts:AssumeRole action on the instance profile.

This should allow the instance to assume the role and have access to the bucket both manually and/or automating through SSM.

nissyangel
已回答 2 年前
  • raithedavion
    2 年前

    Ya, trying to do this without putting permissions on an instance I don't want them to normally have. Really prefer to do this just through SSM's assume role.

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容