Automagically Assuming AWS Roles for EC2/ECS


If you're managing AWS infrastructure, it's very likely you're deploying services onto AWS EC2/ECS and using IAM roles to restrict the amount of access each instance has.

You may find that you're always assuming the same roles, and that to save time, you want to auto-assume the role.

Fortunately, you can set this up using the role_arn and credential_source parameters:

aws configure set role_arn "${DEPLOYER_ROLE_ARN}"
# use whichever one of the below matches where the CLI runs (EC2 instance or ECS task)
aws configure set credential_source Ec2InstanceMetadata
aws configure set credential_source EcsContainer

Note that this isn't always a good idea: you may have lots of other roles to assume, so can't have a specific role as the primary one, or you may want to protect your infrastructure in the case of a breach, and so don't want to fill in the gaps by providing a pre-filled role that an attacker could utilise.
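To check where this is already in effect on a host, the following added example (not part of the original post) lists the profiles in an AWS CLI config file that set both role_arn and credential_source, and marks the default profile, since that one applies to every call made without --profile. The function names, the sample config and the account ID in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: report AWS CLI profiles that auto-assume a role from the
# instance/container credentials (role_arn together with credential_source).

audit_auto_assume() {
    # $1: AWS CLI config file (normally ~/.aws/config).
    # Output: profile <TAB> role_arn <TAB> credential_source <TAB> scope
    awk '
        function emit() {
            if (name != "" && arn != "" && src != "")
                printf "%s\t%s\t%s\t%s\n", name, arn, src,
                       (name == "default" ? "IMPLICIT" : "explicit")
            arn = ""; src = ""
        }
        function value(line) {
            sub(/^[^=]*=[ \t]*/, "", line); sub(/[ \t]+$/, "", line)
            return line
        }
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        /^[ \t]*\[/ {                          # section header: close previous one
            emit()
            name = $0
            gsub(/^[ \t]*\[[ \t]*|[ \t]*\][ \t]*$/, "", name)
            sub(/^profile[ \t]+/, "", name)    # "[profile x]" and "[x]" both give "x"
            next
        }
        /^[ \t]*role_arn[ \t]*=/          { arn = value($0) }
        /^[ \t]*credential_source[ \t]*=/ { src = value($0) }
        END { emit() }
    ' "$1"
}

# Constructed sample config (made-up account ID and role names).
write_sample_config() {
    cat > "$1" <<'EOF'
[default]
role_arn = arn:aws:iam::111111111111:role/deployer
credential_source = Ec2InstanceMetadata
[profile readonly]
role_arn = arn:aws:iam::111111111111:role/readonly
credential_source = EcsContainer
[profile human]
role_arn = arn:aws:iam::111111111111:role/admin
source_profile = default
EOF
}

sample=$(mktemp); write_sample_config "$sample"
audit_auto_assume "$sample"; rm -f "$sample"
```

A line marked IMPLICIT means the role is assumed without anyone asking for it; moving those settings into a named profile keeps the role opt-in.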

Written by Jamie Tanna.

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.
