  • IAM Role to on-premise servers

  • Haridev Ngangbam

    Member
    August 4, 2021 at 9:06 pm

    Question in the picture. Can you even do this? (Associate IAM Role to on-premise servers)

  • Carlo-TutorialsDojo

    Administrator
    August 5, 2021 at 5:55 am

    Hello Haridev,

    Thanks for the feedback.

    The on-premises server does not directly assume the IAM Role. Rather, the SSM agent inside the server assumes that role to communicate with the AWS Systems Manager service.

    We will revise the wording for this option to avoid confusion.

    Let me know if you have other queries.

    Regards,

    Carlo @ Tutorials Dojo

  • Tutorials-Dojo

    Administrator
    August 5, 2021 at 2:16 pm

    Hi Haridev,

    Take note you cannot directly attach an IAM Role to your on-premises servers. You have to set up your on-premises servers as “on-premises instances” in CodeDeploy with a static IAM Role that your servers can assume.

    In this scenario, we are using AWS CodeDeploy to automate the deployment process in your VPC and on your on-premises data center. You can install and configure CodeDeploy agents in your on-premises servers with an associated IAM Role that can be used to communicate with your AWS resources.

    This process can be seen here:

    https://docs.aws.amazon.com/codedeploy/latest/userguide/register-on-premises-instance-iam-session-arn.html

    The correct answer didn’t say “attach” but rather, “associate” which means two things.

    You can also associate an IAM Service Role in AWS Systems Manager if you’re setting up a hybrid environment: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html

    Regards,

    Jon Bonso

    • Haridev Ngangbam

      Member
      August 5, 2021 at 6:37 pm

      Hi Jon/Carlo,

      Thanks for the responses. At least to me, I found the discussions useful and healthy. Regarding the technical process of how things work, I think we all had some experience and are on the same page. It is more about how to approach the question, “read between the lines” as they say. I definitely got a different vantage point from your responses – that’s what I come here for.

      By the way, are “attach” & “associate” really concepts in AWS literature, and do they have these meanings? – I think I have to read more.

      • Tutorials-Dojo

        Administrator
        August 6, 2021 at 8:55 am

        You can see the term “attach an IAM Role” in the actual AWS Management Console (see attached) as well as in the official AWS Documentation:

        https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

        Conversely, the term “Associate” is used if you want to add an Elastic IP address to your Amazon EC2 instances, or to other use cases.

        • Haridev Ngangbam

          Member
          August 6, 2021 at 5:44 pm

          “associate” not with IAM Role, isn’t it?

          • Tutorials-Dojo

            Administrator
            August 7, 2021 at 8:04 am

            The primary use case of an IAM Role is to grant access/permissions to your AWS resources. You can also access your AWS Resources through the AWS API, which uses IAM User credentials for authentication.

            As a rule of thumb, you can directly attach an IAM Role to your EC2 Instances.

            For on-premises servers, you cannot directly attach an IAM Role but you can associate an IAM Role to the CodeDeploy agent that’s installed on your on-premises servers or through the register-on-premises-instance command.

            https://docs.aws.amazon.com/codedeploy/latest/userguide/register-on-premises-instance-iam-session-arn.html

            So going back to your original question: yes, you can definitely associate an IAM Role to your on-premises servers.

            Cheers,

            Jon Bonso

            • Haridev Ngangbam

              Member
              August 7, 2021 at 5:10 pm

              No, there is no such concept as “associate” in the context of IAM.

              To use CodeDeploy on on-prem servers, we rather have to follow a longer process of instance registration; of course, you use the Role to do that.

              I am sure you know this better.
