AWS Secrets: Configure role-based authentication

Overview

Role-based authentication is required for Amazon Elastic Compute Cloud (Amazon EC2).

With role-based authentication, a default configuration with the alias DEFAULT_AWS is provided. To use role-based authentication, set up the SnapLogic account using an expression that calls secrets.read with this alias.

AWS IAM permissions to create roles
A SnapLogic Groundplex in an AWS EC2 instance
The EC2 instance and the Secrets Manager must be in the same AWS region.
Permissions to update the Groundplex nodes

In AWS Identity and Access Management (IAM), set up policies and a role.
1. In AWS, navigate to the IAM service.
2. Create policies to provide access to EC2 and to AWS Secrets Manager.
  The following minimum access is required:
  - EC2 instance: read and write access
  - EC2 Instance Metadata Service: read access
  - AWS Secrets Manager: read access to the secrets used by the EC2 instance
3. Configure a role to use with the EC2 instance.
  1. Under Access management > Roles, create a role.
  2. Assign the EC2 and AWS Secrets Manager policies to that role.
Configure the EC2 instance that hosts your SnapLogic Groundplex.
1. Associate the new role with your EC2 instance.
2. Enable the Instance Metadata Service for your EC2 instance.
Configure dynamic SnapLogic accounts to connect to AWS Secrets Manager and to authenticate.