Configure AWS access using IAM role for EC2

This method allows you to create an IAM role for C8 and assume it from another role.

Step 1: Create IAM Role for EC2

Please refer to the official AWS documentation about creating an AWS IAM role for the EC2

Step 2: Create IAM Role to assume by EC2 instance role.

Step 2.1: Download IAM Policy

Download the IAM policy that grants read permissions to all AWS resources:

curl -o sh-c8-discovery-policy.json https://configure8-resources.s3.us-east-2.amazonaws.com/iam/sh-c8-discovery-policy.json

Step 2.2: Create IAM Policy

Create the IAM policy:

aws iam create-policy --policy-name sh-c8-discovery-policy --policy-document file://sh-c8-discovery-policy.json

Step 2.3: Create IAM Role

Create an IAM role that can be assumed by EC2 roles:

Name

Description

# Generate a JSON file for the trust relationship
cat >trust-relationship.json <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::${account_id}:role/${ec2_role}"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
EOF

Create an IAM role with a defined trust relationship and description

aws iam create-role --role-name sh-c8-discovery --assume-role-policy-document file://trust-relationship.json --description "sh-c8-discovery"

Attach the sh-c8-discovery-policy policy to the sh-c8-discovery role

aws iam attach-role-policy --role-name sh-c8-discovery --policy-arn=arn:aws:iam::${account_id}:policy/sh-c8-discovery-policy

Note If you want to discover more AWS accounts, please repeat the 2nd step for each account.

PreviousConfigure AWS access for the discovery job using service account (AWS EKS)NextConfigure AWS access using access keys for IAM users

Last updated 8 months ago