Test IAM Role in EC2 instance with docker compose
- Make policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": "kms:Sign",
      "Resource": "arn:aws:kms:us-east-2:<ACCOUNT_ID>:key/<KEY_ID>"
    }
  ]
}
- Make IAM Role
- Make KMS
- Allow IAM Role as KMS user
- Make EC2 instance
- Bind IAM role to EC2 instance
- Run docker-compose up -d
version: '3'
services:
  9c-headless:
    image: ubuntu
    command: sleep 10000
- Attach to D
docker exec -it <container_name> /bin/bash
- Install awscli
apt update && apt upgrade && apt install -y awscli
- Run the command
aws kms --region us-east-2 sign --key-id <KEY_ID> --message aaa --signing-algorithm ECDSA_SHA_256
It doesn't use aws configure, so I think they can be removed.
But the above thing was too simple, so I'm not sure about the policy's permissions 🤔 I think it should prepare local testing.
AWS_ACCESS_KEY, AWS_SECRET_KEY environment variables. (Coding)
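For the local testing mentioned above, here is an added example (not part of the original post) that checks the policy offline with a simplified model of IAM identity-policy evaluation: an explicit deny wins, otherwise any matching allow, otherwise implicit deny. The account ID, key IDs and function names are constructed placeholders, and the KMS key policy, condition keys and SCPs are not modelled.

```python
import re

# Constructed placeholder ARNs; substitute the real <ACCOUNT_ID> and <KEY_ID>.
KEY_ARN = "arn:aws:kms:us-east-2:111122223333:key/00000000-0000-0000-0000-000000000000"
OTHER_KEY_ARN = "arn:aws:kms:us-east-2:111122223333:key/11111111-1111-1111-1111-111111111111"

# The policy from the first step, with the placeholder ARN filled in.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": "kms:Sign", "Resource": KEY_ARN},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob(pattern, value, flags=0):
    # IAM wildcards: * matches any run of characters, ? matches exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags | re.DOTALL) is not None


def evaluate(policy, action, resource):
    """Return 'explicitDeny', 'allowed' or 'implicitDeny' for one request."""
    decision = "implicitDeny"
    for stmt in _as_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are compared as written.
        if not any(_glob(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"])):
            continue
        if not any(_glob(r, resource) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "explicitDeny"
        decision = "allowed"
    return decision


def audit(policy):
    """Evaluate the one call the container needs plus calls it must not have."""
    requests = [("kms:Sign", KEY_ARN), ("kms:Sign", OTHER_KEY_ARN),
                ("kms:Verify", KEY_ARN), ("kms:GetPublicKey", KEY_ARN),
                ("kms:Decrypt", KEY_ARN), ("kms:ScheduleKeyDeletion", KEY_ARN)]
    return {request: evaluate(policy, *request) for request in requests}


if __name__ == "__main__":
    for (action, resource), decision in audit(POLICY).items():
        print(f"{decision:13} {action:24} {resource}")
```

Only `kms:Sign` on the named key should come back as allowed; every other row is an implicit deny, which is the result to expect from the real role as well if the key policy adds nothing further.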