SOLVED

Can an Amazon S3 external account use an EC2 instance profile and role?


I only saw mention of the access key method for authenticating to AWS in Adobe's documentation about the AWS S3 external account: https://experienceleague.adobe.com/docs/campaign-standard/using/administrating/application-settings/...

 

If a workflow server runs on an AWS EC2 instance, a much easier approach to managing AWS resource access is to use an EC2 instance profile and its associated role, i.e. I'm allowed to access a certain S3 resource because I am making the API call from this particular server.

 

I wonder if AC V7/V8 supports that approach? It would be nice to avoid managing the access key and secret.

 

Regards,

Shaohong

1 Accepted Solution


Correct answer by
Community Advisor

Hello @shaohong 

 

Even if you have assigned the permission to both S3 and the EC2 instance to the same profile in IAM, the application hosted on EC2 won't even know if these permissions actually exist, because all this is happening in different layers.

 

To create a bridge between two different layers we need the access keys. So it is not possible to do it without access keys.

 

 
