Using IAM Roles with Powershell AWS Utilities
Hello! 
Yesterday, my colleague wrote an article about using s3cmd on Windows . There is no easier solution outside of AWS . Yes, and familiar, is not it?
But I remembered my article about PowerShell utilities from AWS , and the ability to use server roles. And I realized that inside AWS from Windows, working with S3, and with all other AWS services, is extremely simple. You can read about IAM roles here .
')
In short, the server role enables us to automatically obtain access keys to AWS resources.
So, from the abundance of links, let's move on to the process of creating a role, and of working with it.
In the IAM console, go to the Roles menu. Next, create an IAM role, for example, with full access to S3:
Choose Amazon EC2 - our servers will be launched there:
In the rights role, select the desired item: S3 Full Access:
Last check whether everything is correct:
Next, we need to start the server with the role just created:
After a while, we go to the server and go to PowerShell. In order to get the AWS access keys from the server, you should run just one command:
After that, AWS access keys with IAM role privileges will be loaded from the server profile.
Then, for example, with the Copy-S3Object command, we can download the file to disk:
That's all, everything works without the instructions of the keys and other unnecessary priblud.
Ps. Python utilities awscli work on the same principle. Only no additional commands are needed, everything is already working out of the box.
Yesterday, my colleague wrote an article about using s3cmd on Windows . There is no easier solution outside of AWS . Yes, and familiar, is not it?
But I remembered my article about PowerShell utilities from AWS , and the ability to use server roles. And I realized that inside AWS from Windows, working with S3, and with all other AWS services, is extremely simple. You can read about IAM roles here .
')
In short, the server role enables us to automatically obtain access keys to AWS resources.
So, from the abundance of links, let's move on to the process of creating a role, and of working with it.
In the IAM console, go to the Roles menu. Next, create an IAM role, for example, with full access to S3:
Choose Amazon EC2 - our servers will be launched there:
In the rights role, select the desired item: S3 Full Access:
Last check whether everything is correct:
Next, we need to start the server with the role just created:
After a while, we go to the server and go to PowerShell. In order to get the AWS access keys from the server, you should run just one command:
PS C:\Users\Administrator> Set-AWSCredentials After that, AWS access keys with IAM role privileges will be loaded from the server profile.
Then, for example, with the Copy-S3Object command, we can download the file to disk:
Copy-S3Object -SourceBucket MyBucket -SourceKey FileName "C:\FileName"
That's all, everything works without the instructions of the keys and other unnecessary priblud.
Ps. Python utilities awscli work on the same principle. Only no additional commands are needed, everything is already working out of the box.
Source: https://habr.com/ru/post/181233/
All Articles