Comments on What is the PassRole permission in AWS and how to use it
An IAM service is provided by many cloud service providers as a measure to control access to cloud resources. In this tutorial you will learn how to use the ‘IAM PassRole’ permission. We will also demonstrate a simple example of how to connect an EC2 instance with a private S3 bucket using this concept.
Comments
I have one comment and one question.
Comment:
The reason why another EC2 instance was not able to access S3 is because in the first place it was not attached with that Instance profile (EC2S3Access Role). So even if the user who connected to the second EC2 has the passrole permission, the EC2S3Access role was not available to that EC2 to be passed on to the AWS CLI application. Is that a better way to explain the failure for the second EC2 instance in accessing S3?
Question:
Does it mean that any instance profile (role) attached to the EC2 and whatever the IAM policies attached to the user who invoked the EC2 instance, these policies will never be automatically inherited by any applications when the application runs inside the EC2 instance? Therefore you need to achieve the inheritance through the passrole policy explicitly?
Regards, Larry