AWS Secrets: Configure role-based authentication

Overview

Role-based authentication is required for Amazon Elastic Compute Cloud (Amazon EC2).

With role-based authentication, a default configuration with the alias DEFAULT_AWS is provided. To use role-based authentication, set up the SnapLogic account using an expression that calls secrets.read with this alias.

  1. In AWS Identity and Access Management (IAM), set up policies and a role.
    1. In AWS, navigate to the IAM service.
    2. Create policies to provide access to EC2 and to AWS Secrets Manager.
      The following minimum access is required:
      • EC2 instance: read and write access
      • EC2 Instance Metadata Service: read access
      • AWS Secrets Manager: read access to the secrets used by the EC2 instance
    3. Configure a role to use with the EC2 instance.
      1. Under Access management > Roles, create a role.
      2. Assign the EC2 and AWS Secrets Manager policies to that role.
  2. Configure the EC2 instance that hosts your SnapLogic Groundplex.
    1. Associate the new role with your EC2 instance.
    2. Enable the Instance Metadata Service for your EC2 instance.
  3. Configure dynamic SnapLogic accounts to connect to AWS Secrets Manager and to authenticate.