Adobe Campaign Classic v7 & Campaign v8

shaohong · 3/30/22

I only saw the mentioning of using access key method to authenticate to AWS in Adobe's documentation about AWS s3 external account: https://experienceleague.adobe.com/docs/campaign-standard/using/administrating/application-settings/...

If a workflow server runs on an AWS EC2 instance, a much easier approach to manage AWS resource access is to use EC2 isntance profile and its associated role. i.e. I'm allowed to access certain S3 resource because I am making the API call from this particular server.

I wonder if AC V7/V8 support that approach? it would be nice to avoid managing those access key and secret.

Regards,

Shaohong

Manoj_Kumar_ · 4/2/22

Hello @shaohong

Even if you have assigned the permission to both S3 and EC2 instance to the same profile in IAM. The application hosted on EC2 won't even know if these permissions actually exists because all this is happening in different layers.

To create a bridge between two different layers we need the access keys. So it is not possible to do it without access keys

Manoj
Find me on LinkedIn

View solution in original post

Manoj_Kumar_ · 4/2/22

Hello @shaohong

Even if you have assigned the permission to both S3 and EC2 instance to the same profile in IAM. The application hosted on EC2 won't even know if these permissions actually exists because all this is happening in different layers.

To create a bridge between two different layers we need the access keys. So it is not possible to do it without access keys

Manoj
Find me on LinkedIn

Adobe Campaign Classic v7 & Campaign v8

Can Amazon S3 external account use Ec2 instance profile and role?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe