AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約

Do I need to create a IAM user to assume a role?

0

I created an application in typescript that talks to AWS Fargate tasks. But I need to create temporary access and secret keys to be used in the application. Do I need to create an IAM user and assign the role to be assumed by that user, or, is it possible to use the IAM Role that has the required permissions in the application without providing an IAM user creds?

1回答
3
承認された回答

To your question, IAM roles can be assumed by IAM User and IAM role. Please refer Use IAM Roles for complete list of who can assume roles and method of assuming role.

Additionally refer Temporary credentials request.

Your application can leverage either IAM User or IAM Roles Anywhere for this purpose.

  1. With IAM User, IAM user would have access of AssumeRole for that role and you'd make sure that IAM role has all the required permissions to access AWS resources, which your typescript application needs. IAM user would be considered simple but less secure way of doing this as you'll store the access key and secret access key somewhere and can be leaked. If you go with IAM user route, I'd advise you to keep rotating them periodically and use variables for these and store them in a file and that credential file can be read by specific set of users only.

  2. IAM Roles Anywhere is relatively new feature and cal also be used in this use case, please refer following two blog posts, which covers the topic and provide guidance, how to set it up:

Hope this explanation helps.

Abhishek

profile pictureAWS
エキスパート
回答済み 1年前
profile picture
エキスパート
レビュー済み 5ヶ月前
profile pictureAWS
エキスパート
レビュー済み 1年前
  • If the application is running outside of AWS, I would then need an IAM user tied to that assumed role correct?

  • There are two ways, you can do that, one is use IAM user and that IAM user would have assume role permissions for the role that has all the required permissions.

    Other one is IAM role anywhere, relatively new feature for same use case. I have added these details to my answer too.

    Don't hesitate to ask further questions, happy to help.

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ