AWS IAM Roles Anywhere

A couple years back I wrote a post to share how to create AWS instance profile for on-premise servers. That was to use SSM agent and Lambda function to manage the IAM credentials for the on-premise servers. Starting early this month, the AWS native solution for such use cases are available — AWS IAM Role Anywhere.

Simply speaking, IAM roles anywhere enables anyone/server to assume an IAM role via a pair of certificates that are issued by the trusted private CA in ACM.

The basic steps are like:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Jackie Chen

Jackie Chen

We are all apprentices in a craft where no one ever becomes a master.