0 votes

Good day!

I have been handed over a cloud application which consists of an EC2 instance. I need to attach an EC2 instance profile role to that EC2 instance, but I am not sure what access this EC2 instance has to other services like S3, Jenkins, RDS DB, etc.

How can I figure out what relationship this EC2 instance has with other AWS services, so that I can draft a fresh IAM policy and attach the policy to a role for the EC2 instance profile?

Note: I do not have a document describing the architecture of this application; my only task is to assign an instance profile to this EC2 instance, and that is the challenge. As this application is working without any instance profile, my new instance profile should not impact the application.

Any help is highly appreciated.


1 Answer

2 votes

You should start by determining what AWS credentials are being used on the instance.

The credentials are typically stored in the ~/.aws/credentials file. This will contain an Access Key and Secret Key. It might contain multiple credentials.

You could then look in IAM to determine what permissions have been assigned to that IAM User. It is likely that these are the same permissions that you will need to assign to an IAM Role that will be assigned to the instance.

Then, it would simply be a matter of removing the credentials file, which will cause any apps to use the credentials provided via the EC2 instance profile (which is basically an IAM Role assigned to the instance).

Of course, you should do some testing to make sure this works!
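As an added worked example (not part of the answer above, and not an AWS tool), the script below does the inventory and drafting steps the answer describes. It assumes the application uses an AWS SDK or the AWS CLI, so credentials come from the default chain: environment variables are consulted before `~/.aws/credentials`, and both before the instance profile, which is why the script checks `AWS_ACCESS_KEY_ID` in the environment as well as the file (removing only the file does not move an app configured through the environment). It also assumes you have already identified the IAM user owning the key (`aws sts get-caller-identity --profile <name>` on the instance) and listed that user's policies with `aws iam list-attached-user-policies` and `aws iam get-user-policy`. The credentials file, policy ARN and inline policy in the block are constructed for the demo; `AKIAIOSFODNN7EXAMPLE` is the documented AWS example key, the rest is made up.

```python
"""Inventory the AWS credentials an app on an EC2 instance is using and draft
the instance-profile role that should replace them.  Added example, not from
the original post; sample data below is constructed."""
import configparser
import json
import os
import tempfile
from pathlib import Path

# Constructed sample ~/.aws/credentials.  The AKIA key is AWS's documented
# example key; the ASIA key, secrets and session token are made up.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[jenkins]
aws_access_key_id = ASIAEXAMPLETEMPORARY
aws_secret_access_key = made-up-secret
aws_session_token = made-up-session-token
"""

# Trust policy an instance-profile role needs: the EC2 service assumes it.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}


def classify_key(access_key_id):
    """AKIA... = long-term IAM user key (the thing to migrate);
    ASIA... = temporary STS credential (already role-based)."""
    if access_key_id.startswith("AKIA"):
        return "long-term IAM user key"
    if access_key_id.startswith("ASIA"):
        return "temporary STS credential"
    return "unknown"


def credentials_from_env(env):
    """Environment variables beat every file and the instance profile in the
    SDK credential chain, so they have to be checked too."""
    key = env.get("AWS_ACCESS_KEY_ID")
    if not key:
        return []
    return [{"source": "environment", "profile": env.get("AWS_PROFILE", "default"),
             "access_key_id": key, "kind": classify_key(key)}]


def credentials_from_files(home_dirs):
    """Parse <home>/.aws/credentials for every home dir the app might run
    under.  Only the access key ID is recorded, never the secret."""
    found = []
    for home in home_dirs:
        path = Path(home) / ".aws" / "credentials"
        if not path.is_file():
            continue
        cfg = configparser.ConfigParser()
        cfg.read(path)
        for section in cfg.sections():
            key = cfg.get(section, "aws_access_key_id", fallback=None)
            if key:
                found.append({"source": str(path), "profile": section,
                              "access_key_id": key, "kind": classify_key(key)})
    return found


def overbroad_statements(policy_document):
    """Allow statements with a wildcard action ('*' or 'svc:*') or resource.
    Copying these from the user onto the role just relocates the risk."""
    stmts = policy_document.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    flagged = []
    for s in stmts:
        acts, res = s.get("Action", []), s.get("Resource", [])
        acts = [acts] if isinstance(acts, str) else acts
        res = [res] if isinstance(res, str) else res
        if s.get("Effect") == "Allow" and (
                any(a == "*" or a.endswith(":*") for a in acts) or "*" in res):
            flagged.append(s)
    return flagged


def draft_role_plan(role_name, attached_policy_arns, inline_policies):
    """`aws` CLI argument lists that recreate the user's permissions as a role
    plus an instance profile of the same name (attach it to the instance
    afterwards with `aws ec2 associate-iam-instance-profile`)."""
    steps = [["iam", "create-role", "--role-name", role_name,
              "--assume-role-policy-document", json.dumps(EC2_TRUST_POLICY)]]
    for arn in attached_policy_arns:
        steps.append(["iam", "attach-role-policy", "--role-name", role_name,
                      "--policy-arn", arn])
    for name, doc in inline_policies.items():
        steps.append(["iam", "put-role-policy", "--role-name", role_name,
                      "--policy-name", name, "--policy-document", json.dumps(doc)])
    steps.append(["iam", "create-instance-profile", "--instance-profile-name", role_name])
    steps.append(["iam", "add-role-to-instance-profile",
                  "--instance-profile-name", role_name, "--role-name", role_name])
    return steps


def demo_home():
    """Throwaway home directory holding the constructed credentials file."""
    home = Path(tempfile.mkdtemp())
    (home / ".aws").mkdir()
    (home / ".aws" / "credentials").write_text(SAMPLE_CREDENTIALS)
    return home


if __name__ == "__main__":
    for c in credentials_from_env(os.environ) + credentials_from_files([demo_home()]):
        print(f"{c['source']}: profile={c['profile']} key={c['access_key_id']} ({c['kind']})")
    # Constructed stand-ins for what IAM reported for the user owning the AKIA key.
    attached = ["arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"]
    inline = {"legacy-admin": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]}}
    for name, doc in inline.items():
        for s in overbroad_statements(doc):
            print(f"WARNING: inline policy {name} allows {s['Action']} on {s['Resource']}")
    for step in draft_role_plan("app-instance-role", attached, inline):
        print("aws", " ".join(step))
```

On the real instance, pass the home directories of every account the application (and Jenkins, if it runs there) uses to `credentials_from_files`, and run the environment check inside the service's own environment (for example via the unit's `Environment=` settings), not just your login shell. Anything the wildcard check flags is worth narrowing to the services the question lists before it goes on the role; `aws iam generate-service-last-accessed-details` on the user shows which services the key has actually touched.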