Assume Role via AWS Web Console

Important: Due to the security implications, IAM policies are set up by default to only allow the root AWS account to assume roles into other accounts.

1. Log into the AWS root account (Example AWS root login)
2. Click on the [email protected] @ example-root-aws drop-down at the top of the console and select Switch Role
3. Enter the AWS account ID of the member account in the Account field
4. Use OrganizationAccountAccessRole as the Role
5. (Optional) Pick a Display Name and choose a Color for the role (Example AWS switch role)

Assume Role via CLI (using aws-vault)

First, ensure that the proper profiles are set up following Authorization.
AWS KMS+S3 is a method providing encrypted object storage.
Amazon Certificate Manager is a service that lets you easily provision, manage, and deploy TLS certificates for use with AWS services such as ELBs and CloudFront.
An Amazon Machine Image provides the information required to launch an EC2 instance, which is a virtual server in the Amazon public cloud.
Amazon’s Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources such as configurations with Parameter Store. Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
All things being equal, we strongly bias towards it to get the human operator out of the TF deploys equation.
Chamber is a tool by Segment IO for managing secrets with AWS SSM+KMS and exposing them as environment variables.