What does trusting the service `ec2.amazonaws.com` permit?

72 Views Asked by Derek Brown At 04 April 2025 at 14:25

Suppose I have the following IAM Trust Policy (written in Terraform):

data "aws_iam_policy_document" "my_trust_policy" {
  statement {
    actions = ["sts:AssumeRole"]

    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
 }

resource "aws_iam_role" "my_iam_role" {
  name = "my_iam_role"
  assume_role_policy = data.aws_iam_policy_document.my_trust_policy.json
}

Does this effectively allow any EC2 instance to assume this role, and any permissions attached to this role?

Original Q&A

There are 1 best solutions below

Caldazar On 02 November 2023 at 18:45

Trust policy in AWS defines who can assume the role. In your case, you allow the EC2 service to assume that role, but the EC2 instance cannot assume the role on its own. What is actually happening here is that this trust policy allows you to attach a role to the EC2 instance (as an instance profile).

What does trusting the service `ec2.amazonaws.com` permit?

There are 1 best solutions below

Related Questions in AMAZON-WEB-SERVICES

Related Questions in TERRAFORM

Related Questions in AMAZON-IAM

Related Questions in IDENTITY-MANAGEMENT

Trending Questions

Popular # Hahtags

Popular Questions