When you run the AWS CLI from within an Amazon Elastic Compute Cloud (Amazon EC2) instance, you can simplify providing credentials to your commands. Each Amazon EC2 instance contains metadata that the AWS CLI can directly query for temporary credentials. When an IAM role is attached to the instance, the AWS CLI automatically and securely retrieves the credentials from the instance metadata.
To disable this service, use the AWS_EC2_METADATA_DISABLED environment variable.
To use Amazon EC2 credentials with the AWS CLI, you need to complete the following:
To specify that you want to use the credentials available in the hosting Amazon EC2 instance profile, use the following syntax in the named profile in your configuration file. See the following steps for more instructions.
[profile profilename
]
role_arn = arn:aws:iam::123456789012:role/rolename
credential_source = Ec2InstanceMetadata
region = region
Create a profile in your configuration file.
[profile profilename
]
Add your IAM arn role that has access to the resources needed.
role_arn = arn:aws:iam::123456789012:role/rolename
Specify Ec2InstanceMetadata
as your credential source.
credential_source = Ec2InstanceMetadata
Set your Region.
region = region
Example
The following example assumes the
role and uses the marketingadminrole
Region in an Amazon EC2 instance profile named us-west-2
.marketingadmin
[profile marketingadmin
]
role_arn = arn:aws:iam::123456789012:role/marketingadminrole
credential_source = Ec2InstanceMetadata
region = us-west-2
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4