This link has been bookmarked by 61 people. It was first bookmarked on 21 Jan 2015, by jtbates.
4.7.5 Use IAM Roles instead of API Keys for EC2 Instances
Many AWS users will generate an API key and then pass it directly to the EC2 instance via environment variables, or worse, hard coding it.
AWS has a great tool to enable these permissions in a much cleaner way. You can create an IAM Role and assign it to a specific EC2 instance. You can then give that IAM Role permissions to access a particular S3 folder, or virtually any other AWS resource. When you do this, AWS will automatically populate Environment Variables on your EC2 instance with temporary API credentials.
This is the most secure way to enable access to AWS resources because there's simply no key to manage! Note that you can only assign an IAM Role to an EC2 instance when launching it.
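The two policy documents such a role needs, shown as an added example that is not taken from the bookmarked article: a trust policy that lets EC2 assume the role, and a permission policy limited to one S3 "folder" (key prefix), plus a small check that flags wildcard grants. The bucket name, prefix, chosen S3 actions and all function names are assumptions made for illustration.

```python
import json

def ec2_trust_policy():
    """Trust policy: lets the EC2 service assume the role for an instance."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def s3_folder_policy(bucket, prefix):
    """Permission policy limited to one key prefix ("folder") in one bucket."""
    prefix = prefix.strip("/")
    if not bucket or not prefix or "*" in bucket + prefix:
        raise ValueError("bucket and prefix must be concrete, non-empty names")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action, so narrow it with a condition.
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}/*"]}},
            },
            {   # Object reads and writes are limited by the object ARN itself.
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}/*",
            },
        ],
    }

def overly_broad(policy):
    """Return Allow statements with a wildcard action or a bare '*' resource."""
    findings = []
    for st in policy["Statement"]:
        actions = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        resources = st.get("Resource", [])
        resources = resources if isinstance(resources, list) else [resources]
        wide_action = any(a == "*" or a.endswith(":*") for a in actions)
        if st["Effect"] == "Allow" and (wide_action or "*" in resources):
            findings.append(st)
    return findings

if __name__ == "__main__":
    # Constructed sample names; replace with your own bucket and prefix.
    print(json.dumps(s3_folder_policy("example-app-bucket", "uploads/"), indent=2))
```
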
Have a Policy for Employees Who Leave
Ideally, an employee who leaves would amount to nothing more than revoking his SSH Key as stored on the LDAP Server and deactivating his IAM User Account
A Comprehensive Guide to Building a Scalable Web App on Amazon Web Services - Part 1