Accessing Cloud Data
Also available as:
PDF
loading table of contents...

Using Instance Metadata to Authenticate

If your cluster is running on EC2, the standard way to manage access is via Amazon Identity and Access Management (IAM), which allows you to create users, groups, and roles to control access to services such as Amazon S3 via attached policies. A role does not have any credentials such as password or access keys associated with it. Instead, if a user is assigned to a role, access keys are generated dynamically and provided to the user when needed. For more information, refer to IAM Roles for Amazon EC2 in Amazon documentation.

When launching your cluster on EC2, specify an IAM role that you want to use; if you are planning to use S3 with your cluster, make sure that the role associated with the cluster includes a policy that grants access to S3. For more information, refer to Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances in Amazon documentation. No additional configuration is required.

[Note]Note

You can use IAM Roles to control access to keys stored in Amazon's KMS Key Management service. For more information, refer to Overview of Managing Access to Your AWS KMS Resources in Amazon documentation.