
AWS: IAM Roles for Servers

Hello!

I want to talk about an IAM feature for AWS servers: roles. A role is a collection of access rights that can be applied to a server. Let's look at a specific example: giving a server access to S3 without manually placing any keys on it.

Let's start the example.

1. Create a role with the necessary rights


We go to the IAM console and create the S3 role there.


Next, select Amazon EC2.


Then select Amazon S3 Full Access.


Then click Next, Next, Next.

2. Run the server.


We will launch a regular server with Amazon Linux (it comes with all the necessary tools already installed). In Advanced Details, select the role you just created:


And we start the server.

3. Test.


After logging in to the server over SSH, we can get the access keys by requesting
http://169.254.169.254/latest/meta-data/iam/security-credentials/S3

The response is in JSON format, so you can parse it and pull the necessary data out of it:
{
  "Code" : "Success",
  "LastUpdated" : "2012-11-29T16:23:50Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "ASIAI6G6HHSLUCRSUCQA",
  "SecretAccessKey" : "15WdeWs2H182T+j3ZKkK+JBOssFqWdxdVpsHHgBm",
  "Token" : "AQoDYXdzEDIagAL1yc69LLX+jH3tyDdf1rSk++Y1+4TrpYo4VUhHzcdFh3M9aWzUx1JCrWVoOr1Ghnkd3ALgUPBPtFrviuanVOSoXZBbuF0CKl3iVVLTJpEmOMStAAs0myrezYnUNVwIxIawSczxQkKIAuHDszV2mDFBBQ8RbKYu7wHAh+lQvUmfppyIcZ2kCHy/DtGuB9pYXxiNbTnFEN15LtOCojHdVicJSW4s5ynDd36GjsYYcAGmtDGNZXkUI/AS/ljgOtK1+7o9xN+M2RKJj7niL/iRv0LjWuTyTD9Z/D+p9k4KeLCiujKLTIt7g2VDiKqOg0r1OwI76Uh4q0MokEVH+PGuiccNILyY3oUF",
  "Expiration" : "2012-11-29T22:38:49Z"
}
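An added example, not part of the original article: one way to parse this response in Python, checking the Code field and the Expiration time before the keys are used and redacting the secrets for logging. The sample document holds constructed placeholder values, and the function names are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.request import urlopen

# Metadata path from the article; the role name is appended to it.
METADATA_URL = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
REQUIRED = ("AccessKeyId", "SecretAccessKey", "Token", "Expiration")

# Constructed sample response: placeholder values, not real credentials.
SAMPLE = """{"Code": "Success", "LastUpdated": "2012-11-29T16:23:50Z",
 "Type": "AWS-HMAC", "AccessKeyId": "ASIAEXAMPLEKEYID0000",
 "SecretAccessKey": "EXAMPLE-SECRET-NOT-REAL",
 "Token": "EXAMPLE-SESSION-TOKEN-NOT-REAL",
 "Expiration": "2012-11-29T22:38:49Z"}"""


def parse_credentials(body, now, min_remaining=timedelta(minutes=5)):
    """Validate a role-credentials document and return the usable fields."""
    doc = json.loads(body)
    if doc.get("Code") != "Success":
        raise ValueError("metadata service returned Code=%r" % doc.get("Code"))
    missing = [k for k in REQUIRED if not doc.get(k)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    # Temporary credentials: refuse ones that are expired or about to expire.
    if expires - now < min_remaining:
        raise ValueError("credentials expire too soon; fetch a fresh document")
    # The session token must accompany the key pair on every signed request.
    return {"access_key": doc["AccessKeyId"], "secret_key": doc["SecretAccessKey"],
            "token": doc["Token"], "expires": expires}


def redact(creds):
    """Log-safe view: only the key id and expiry are shown in clear."""
    return {"access_key": creds["access_key"], "secret_key": "***",
            "token": "***", "expires": creds["expires"].isoformat()}


def fetch_credentials(role="S3"):
    # Plain GET as in the article; only works on an instance with the role attached.
    with urlopen(METADATA_URL + role, timeout=2) as resp:
        return parse_credentials(resp.read().decode(), datetime.now(timezone.utc))


if __name__ == "__main__":
    now = datetime(2012, 11, 29, 17, 0, tzinfo=timezone.utc)  # constructed clock
    print(redact(parse_credentials(SAMPLE, now)))
```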


The rest is a matter of technique: we can perform any operation on the services to which we have access.

Source: https://habr.com/ru/post/160755/

