Feature #16191
closedEC2 IAM Role should be a VM setting rather than image setting
Description
Setting the IAM role as an attribute of the "image" means that you can only have "one" role. If you want to separate your "staging" from your "production" roles (for example), you have to use a different AMI because you cannot have two images with the same AMI. Also, you cannot "set" the value at host creation time. You can only chose an OS image, which has it attached, which is fairly limiting.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
.. this may involve "instance profiles" -- http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
~tommy
Updated by Daniel Lobato Garcia over 8 years ago
- Tracker changed from Bug to Feature
Updated by Dominic Cleal over 8 years ago
- Category set to Compute resources - EC2
Updated by Dominic Cleal about 8 years ago
- Related to Feature #17286: using IAM role when querying AWS API added
Updated by Tommy McNeely over 6 years ago
I was asked to clarify this request. It has been a couple years since I filed it, but here is my best recollection...
We have a customer using IAM Roles, which assign dynamic IAM credentials to machines rather than having to manually create credentials and copy and paste them into a configuration.
The IAM Role setting is currently configured at the image level, which means where you associate the os version to the ami-xxxxxxxx ID. This setting needs to be configurable at the instance level instead of image level. I don't have a problem with being able to set a "default" IAM role at the image level, for a shop with low security requirements, but we cannot have the same role assigned to all instances.
Updated by Amir Fefer over 3 years ago
- Status changed from New to Closed
This won't be implemented any time soon, If it still relevant please reopen this.