AWS Secrets: Configure role-based authentication
Role-based authentication is required for Amazon Elastic Compute Cloud (Amazon EC2).
With role-based authentication, a default configuration with the alias DEFAULT_AWS is provided.
To use role-based authentication, set up the SnapLogic account using an expression that calls secrets.read with this alias.

Prerequisites:
- AWS IAM permissions to create roles
- A SnapLogic Groundplex in an AWS EC2 instance
- The EC2 instance and the Secrets Manager must be in the same AWS region.
- Permissions to update the Groundplex nodes

Steps:
- In AWS Identity and Access Management (IAM), set up policies and a role.
  - In AWS, navigate to the IAM service.
  - Create policies to provide access to EC2 and to AWS Secrets Manager.
    The following minimum access is required:
    - EC2 instance: read and write access
    - EC2 Instance Metadata Service: read access
    - AWS Secrets Manager: read access to the secrets used by the EC2 instance
  - Configure a role to use with the EC2 instance.
    - Under , create a role.
    - Assign the EC2 and AWS Secrets Manager policies to that role.
- Configure the EC2 instance that hosts your SnapLogic Groundplex.
- Configure dynamic SnapLogic accounts to connect to AWS Secrets Manager and to authenticate.
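
As an added example (not SnapLogic's or AWS's code), the following Python check audits an IAM policy document against the "read access to the secrets used by the EC2 instance" requirement in the policy step above. It assumes that read access corresponds to the secretsmanager:GetSecretValue and secretsmanager:DescribeSecret actions; the two sample policies, the account ID, the region and the secret name are constructed placeholders.

```python
# Assumption: "read access" maps to these two Secrets Manager actions.
# IAM action names are case-insensitive, so compare in lower case.
READ_ACTIONS = {"secretsmanager:getsecretvalue", "secretsmanager:describesecret"}

# Constructed sample: grants every Secrets Manager action on every secret.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}],
}

# Constructed sample: read-only, limited to one name prefix (placeholder ARN).
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
        "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:example/groundplex/*",
    }],
}

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_secrets_policy(policy):
    """Return findings for Allow statements that exceed scoped read access."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource needs manual review")
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        touching = [a for a in actions if a == "*" or a.startswith("secretsmanager:")]
        if not touching:
            continue  # statement does not grant anything on Secrets Manager
        for action in touching:
            if action not in READ_ACTIONS:
                findings.append(f"statement {i}: action {action!r} is broader than read access")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*" or resource.endswith(":secret:*"):
                findings.append(f"statement {i}: resource {resource!r} covers every secret")
    return findings

if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_secrets_policy(doc) or "no findings")
```
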