When you create a role for EC2 (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role), you should select EC2 as the service in the first screen of the IAM create role UI. This service is the one that has permission to assume the role, so you need to grant EC2 permission to assume the role in order to provide the credentials to the instance.
On the next screen, where you are attaching policies to the role, you would select SecretsManagerReadWrite, which grants permission for "secretsmanager:*" as well as a number of other permissions. Alternatively, if you know exactly what permissions you need on the instance, you could skip attaching a policy and write a stripped-down inline policy to provide least privilege to the instance.
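The two policy documents the answer above describes, as an added example that is not part of the original answer or AWS's own code: the trust policy that lets EC2 assume the role, and a read-only inline policy scoped to one secret, plus a small check for wildcard grants such as "secretsmanager:*". The secret ARN, account ID and function names are constructed for illustration.

```python
import json

# Constructed placeholder ARN (assumption): account, region and secret name are
# examples; Secrets Manager appends a 6-character suffix, matched by "??????".
EXAMPLE_SECRET_ARN = (
    "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/app-db-??????"
)

def ec2_trust_policy():
    """Trust policy: the EC2 service is the principal allowed to assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def read_only_secret_policy(secret_arn):
    """Inline permissions policy: read a single secret and nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
            "Resource": secret_arn,
        }],
    }

def overbroad_statements(policy):
    """Return (action, resource) pairs from Allow statements that use wildcards."""
    as_list = lambda v: [v] if isinstance(v, str) else list(v)
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            for resource in as_list(stmt.get("Resource", [])):
                if "*" in action or resource == "*":
                    findings.append((action, resource))
    return findings

if __name__ == "__main__":
    print(json.dumps(ec2_trust_policy(), indent=2))
    print(json.dumps(read_only_secret_policy(EXAMPLE_SECRET_ARN), indent=2))
```

The printed JSON can be pasted into the IAM console's trust relationship and inline policy editors after replacing the placeholder ARN with the real secret's ARN.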