Hello Haridev,
Thanks for the feedback.
The on-premises server does not directly assume the IAM Role. Rather, the SSM agent inside the server assumes that role to communicate with the AWS Systems Manager service.
We will revise the wordings for this option to avoid confusion.
Let me know if you have other queries.
Regards,
Carlo @ Tutorials Dojo
-
Hi Haridev,
Take note you cannot directly attach an IAM Role to your on-premises servers. You have to set up your on-premises servers as “on-premises instances” in CodeDeploy with a static IAM Role that your servers can assume.
In this scenario, we are using AWS CodeDeploy to automate the deployment process in your VPC and on your on-premises data center. You can install and configure CodeDeploy agents in your on-premises servers with an associated IAM Role that can be used to communicate with your AWS resources.
This process can be seen here:
The correct answer didn’t say “attach” but rather, “associate” which means two things.
You can also associate an IAM Service Role in AWS Systems Manager if you’re setting up a hybrid environment: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html
Regards,
Jon Bonso
-
Hi Jon/Carlo,
Thanks for the responses. At least to me, the discussions I found were useful and healthy. Regarding the technical process of how things work, I think we all have some experience and are on the same page. It's more about how to approach the question, "read between the lines" as they say. I definitely got a different vantage point from your responses; that's what I come here for.
By the way, "attach" and "associate": are they really concepts in AWS literature, and do they have these meanings? I think I have to read more.
- This reply was modified 3 years, 3 months ago by Haridev Ngangbam.
-
You can see the term “attach an IAM Role” in the actual AWS Management Console (see attached) as well as in the official AWS Documentation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
Conversely, the term “Associate” is used if you want to add an Elastic IP address to your Amazon EC2 instances, or to other use cases.
-
The primary use case of an IAM Role is to grant access/permissions to your AWS resources. You can also access your AWS Resources through the AWS API, which uses IAM User credentials for authentication.
As a rule of thumb, you can directly attach an IAM Role to your EC2 Instances.
For on-premises servers, you cannot directly attach an IAM Role, but you can associate an IAM Role to the CodeDeploy agent that's installed on your on-premises servers or through the register-on-premises-instance command.
So going back to your original question: yes, you can definitely associate an IAM Role to your on-premises servers.
Cheers,
Jon Bonso
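Both of Jon's replies above describe the same registration path: the on-premises host never gets a role attached; instead the CodeDeploy agent presents either a long-lived IAM user's keys or the temporary credentials of an assumed-role session, and the host is then registered with register-on-premises-instance. The following added example (not code from the thread or from AWS) shows the two options side by side. It classifies the principal ARN, refuses a bare IAM role ARN (the thing the thread says cannot be attached), renders the matching codedeploy.onpremises.yml and builds the registration command. The file keys and ARN shapes follow the CodeDeploy on-premises instance documentation as I recall it; the account number, role, session and host names are constructed placeholders, and the credentials-file path is an assumption to verify against the current docs.

```python
import re
from textwrap import dedent

# ARN shapes CodeDeploy accepts for an on-premises instance (constructed
# patterns mirroring the documented formats; tighten them for your account).
IAM_USER_ARN = re.compile(r"^arn:aws:iam::\d{12}:user/[\w+=,.@/-]+$")
STS_SESSION_ARN = re.compile(r"^arn:aws:sts::\d{12}:assumed-role/[\w+=,.@-]+/[\w+=,.@-]+$")


def classify_principal(arn: str) -> str:
    """'iam_user' for a long-lived IAM user, 'iam_session' for an STS
    assumed-role session. Anything else (notably an IAM *role* ARN, which
    cannot be attached to an on-prem host) raises ValueError."""
    if IAM_USER_ARN.match(arn):
        return "iam_user"
    if STS_SESSION_ARN.match(arn):
        return "iam_session"
    raise ValueError(f"not an IAM user or STS session ARN: {arn}")


def is_registerable(arn: str) -> bool:
    """True when the ARN is a principal the agent can actually present."""
    try:
        classify_principal(arn)
        return True
    except ValueError:
        return False


def render_onprem_config(arn, region, credentials_file=None,
                         access_key_id=None, secret_access_key=None):
    """Render codedeploy.onpremises.yml for the given principal.

    Session-based registration points the agent at a credentials file that a
    scheduled `aws sts assume-role` keeps refreshed, so no static secret lives
    on the host. User-based registration embeds long-lived keys, which is the
    weaker option from a credential-hygiene standpoint."""
    kind = classify_principal(arn)
    if kind == "iam_session":
        if not credentials_file:
            raise ValueError("iam_session_arn requires aws_credentials_file")
        return dedent(f"""\
            ---
            iam_session_arn: {arn}
            aws_credentials_file: {credentials_file}
            region: {region}
            """)
    if not (access_key_id and secret_access_key):
        raise ValueError("iam_user_arn requires static access keys")
    return dedent(f"""\
        ---
        aws_access_key_id: {access_key_id}
        aws_secret_access_key: {secret_access_key}
        iam_user_arn: {arn}
        region: {region}
        """)


def register_command(instance_name: str, arn: str, region: str) -> str:
    """Build the `aws deploy register-on-premises-instance` call that ties the
    host name to the principal the agent will present. The flag differs by
    principal kind; a role ARN is rejected by classify_principal."""
    kind = classify_principal(arn)
    flag = "--iam-session-arn" if kind == "iam_session" else "--iam-user-arn"
    return (f"aws deploy register-on-premises-instance "
            f"--instance-name {instance_name} {flag} {arn} --region {region}")


if __name__ == "__main__":
    # Constructed sample values; not real identifiers.
    session_arn = "arn:aws:sts::123456789012:assumed-role/CodeDeployDemo-Role/CodeDeploy-Session"
    role_arn = "arn:aws:iam::123456789012:role/CodeDeployDemo-Role"
    print(render_onprem_config(session_arn, "us-east-1",
                               credentials_file="/etc/codedeploy-agent/conf/credentials"))
    print(register_command("onprem-host-01", session_arn, "us-east-1"))
    print("role ARN registerable?", is_registerable(role_arn))
```

On the host the rendered YAML goes where the CodeDeploy agent reads its on-premises configuration, and the session variant only works while the credentials file stays fresh, so pair it with a cron or timer that re-runs the assume-role call before the session expires.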
-
No, there is no such concept as “associate” in the context of IAM.
To use CodeDeploy on on-prem servers, we rather have to follow a longer process of instance registration; of course, you use the Role to do that.
I am sure you know this better.