2.6 Ensure AutoScaling Group Launch Configuration for App Tier is configured to use an App-Tier IAM Role

Information

An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

Also, a role does not have any credentials (password or access keys) associated with it. Instead, if a user is assigned to a role, access keys are created dynamically and provided to the user.

You can use roles to delegate access to users, applications, or services that don't normally have access to your AWS resources. Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances.

IAM Roles for EC2 allow an application running within an EC2 instance to assume the role applied to the instance via its instance profile, so the application receives temporary credentials instead of long-lived access keys stored on the instance.
This check ensures that all EC2 instances within the App-Tier auto scaling group have been launched with an IAM Role for EC2.

Solution

Using the Amazon unified command line interface:

* Create a new launch configuration for the App tier using the App tier IAM instance profile:

aws autoscaling create-launch-configuration --launch-configuration-name <app_tier_launch_config> --image-id <app_tier_ami> --key-name <your_key_pair> --security-groups <app_tier_security_group> --instance-type <desired_instance_type> --iam-instance-profile <app_tier_instance_profile>
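The benchmark gives the remediation command but not an audit step. The following is an added example, not part of the CIS text, that audits the control offline against the JSON shapes returned by `aws autoscaling describe-auto-scaling-groups` and `aws autoscaling describe-launch-configurations` (the sample documents, group names and the `"app"` name filter are constructed assumptions; in practice you would feed the script the real CLI output):

```python
import json

# Constructed sample in the shape of `aws autoscaling describe-auto-scaling-groups`.
ASG_JSON = json.dumps({"AutoScalingGroups": [
    {"AutoScalingGroupName": "app-tier-asg",
     "LaunchConfigurationName": "app-tier-lc-v1"},
    {"AutoScalingGroupName": "web-tier-asg",
     "LaunchConfigurationName": "web-tier-lc-v3"},
]})

# Constructed sample in the shape of `aws autoscaling describe-launch-configurations`.
# IamInstanceProfile is only present when the launch configuration was created
# with --iam-instance-profile, so its absence means instances get no EC2 role.
LC_JSON = json.dumps({"LaunchConfigurations": [
    {"LaunchConfigurationName": "app-tier-lc-v1",
     "ImageId": "ami-00000000", "InstanceType": "t3.micro"},
    {"LaunchConfigurationName": "web-tier-lc-v3",
     "ImageId": "ami-00000000", "InstanceType": "t3.micro",
     "IamInstanceProfile": "web-tier-instance-profile"},
]})


def find_asgs_without_instance_profile(asg_json, lc_json, name_filter="app"):
    """Return {asg_name: launch_config_name} for every Auto Scaling group whose
    name contains name_filter and whose launch configuration carries no IAM
    instance profile. An empty dict means the control passes."""
    profiles = {lc["LaunchConfigurationName"]: lc.get("IamInstanceProfile")
                for lc in json.loads(lc_json)["LaunchConfigurations"]}
    failing = {}
    for asg in json.loads(asg_json)["AutoScalingGroups"]:
        name = asg["AutoScalingGroupName"]
        if name_filter not in name:
            continue
        lc_name = asg.get("LaunchConfigurationName")
        # A group without a launch configuration (e.g. one using a launch
        # template) is reported explicitly rather than silently passed.
        if lc_name is None:
            failing[name] = "(no launch configuration)"
        elif not profiles.get(lc_name):
            failing[name] = lc_name
    return failing


if __name__ == "__main__":
    for asg, lc in find_asgs_without_instance_profile(ASG_JSON, LC_JSON).items():
        print(f"FAIL: {asg}: launch configuration {lc} has no IAM instance profile")
```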

See Also

https://workbench.cisecurity.org/files/260