adrianhesketh.com

Creating AWS Instance Roles With Terraform

One of the difficult parts of deploying any application is managing the passwords, certificates and other secret parts of the deployment.

When you’re using AWS services from an EC2 instance, you can assign the instance a role that grants it access to those services, rather than embedding long-lived credentials in your application’s configuration.

Here’s an example Terraform file showing the required parts:

The Terraform script also creates the S3 bucket and an instance to demonstrate.
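The parts the post refers to, written out as an added example rather than the author's own file: a role that only the EC2 service can assume, a permissions policy scoped to just the one bucket, the instance profile that attaches the role, and an instance that uses it. The bucket name and AMI id are placeholders, and the read-only permission set is an assumption chosen to match the Copy-S3Object usage later in the post.

```hcl
# The bucket the instance will be allowed to read from (placeholder name).
resource "aws_s3_bucket" "website" {
  bucket = "example-bucket-name-placeholder"
}

# Trust policy: only the EC2 service may assume this role.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "instance" {
  name               = "website-instance-role"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

# Permissions policy: least privilege, read-only, and limited to this bucket.
data "aws_iam_policy_document" "s3_read" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["${aws_s3_bucket.website.arn}/*"]
  }
  statement {
    actions   = ["s3:ListBucket"]
    resources = [aws_s3_bucket.website.arn]
  }
}

resource "aws_iam_role_policy" "s3_read" {
  name   = "website-s3-read"
  role   = aws_iam_role.instance.id
  policy = data.aws_iam_policy_document.s3_read.json
}

# The instance profile is what actually attaches the role to an EC2 instance.
resource "aws_iam_instance_profile" "instance" {
  name = "website-instance-profile"
  role = aws_iam_role.instance.name
}

resource "aws_instance" "web" {
  ami                  = "ami-PLACEHOLDER" # a Windows AMI id for your region
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.instance.name
}
```

Because the role is attached through the instance profile, the AWS tools on the instance pick up temporary credentials from the instance metadata service and nothing needs to be stored in the application's configuration.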

Once the instance is started, if you RDP into it, you can use the pre-installed AWS command line tools and you’ll find that you can access the bucket:

Copy-S3Object -BucketName bucket-name -Key Website.zip -LocalFile C:\Users\Administrator\Website.zip

There’s more useful stuff over here: http://blogs.aws.amazon.com/security/post/TxPOJBY6FE360K/IAM-policies-and-Bucket-Policies-and-ACLs-Oh-My-Controlling-Access-to-S3-Resourc