Can Amazon S3 external account use Ec2 instance profile and role?

Question

I only saw the mentioning of using access key method to authenticate to AWS in Adobe's documentation about AWS s3 external account: https://experienceleague.adobe.com/docs/campaign-standard/using/administrating/application-settings/external-accounts.html?lang=en#amazon-s3-external-account.

If a workflow server runs on an AWS EC2 instance, a much easier approach to manage AWS resource access is to use EC2 isntance profile and its associated role. i.e. I'm allowed to access certain S3 resource because I am making the API call from this particular server.

I wonder if AC V7/V8 support that approach? it would be nice to avoid managing those access key and secret.

Regards,

Shaohong

Manoj_Kumar · Accepted Answer

Hello @shaohong

Even if you have assigned the permission to both S3 and EC2 instance to the same profile in IAM. The application hosted on EC2 won't even know if these permissions actually exists because all this is happening in different layers.

To create a bridge between two different layers we need the access keys. So it is not possible to do it without access keys

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded