undefined | Better HN

0 pointsnotoverthere8y ago0 comments

This sort of model also fits nicely with the AWS ecosystem. EC2 instances (virtual machines) can be given an IAM Role when they boot-up. An IAM Role is essentially an automatically generated access key which is unique to that EC2 instance, and has pre-determined permissions.

So in other words – a unique key is generated every time a virtual machine is created. It's fully automated, never shared between instances, and never needs to be handled manually. That key will give the virtual machine permission to access other AWS services, in this case the AWS Secrets Manager.

So as long as you're using EC2 instances, you won't need to worry about securely passing a 'master password' to your VMs in order for them to access secrets.

0 comments

sowbug8y ago

I see. So there actually is a bit of magic involved.

I exist, therefore I can.

mwarkentin8y ago

Yep - they have similar functionality for task roles (aka docker containers on ECS) and Lambdas as well.

j / k navigate · click thread line to collapse