EC2 Instance Profile – If i have set aws credential using AWS config and also add IAM Role to Instance then which credential take into effects? E.g. using aws config credential i have not give S3 access and IAM role attached to instance has s3 access then EC2 will get S3 access?
1 Answers
Hi Deepak,
The recommended way is to always use IAM roles assigned to EC2 instances rather than setting up the AWS CLI using access keys. The IAM role will be always there for the lifetime of the instance or unless you remove it from the instance. You can setup the CLI using access keys (like you said ‘aws config’) but you have to do that intentionally. If that configuration is not there, and the role does allow S3 access as you say, then you can access S3 without needing to setup the access keys.
–Scott