1 Core Concepts
first edited this page 2025-07-07 04:10:31 +00:00

Before deployment, it's important to understand the two primary security patterns for granting the server permissions. The pattern you choose depends on where your server is hosted.

  • Pattern A: IAM Roles for EC2 (Recommended)
    This is the standard, most secure method for workloads running within AWS. An IAM Role is attached to the EC2 instance, which then automatically receives short-lived, temporary credentials from the EC2 metadata service. This completely avoids the need to store static access keys on the server.

  • Pattern B: IAM Users for External Servers
    For servers running outside of AWS (e.g., on-premises, other clouds), an IAM Role cannot be used. This pattern involves creating a dedicated IAM User with a narrowly scoped policy and long-lived static access keys (AccessKeyId and SecretAccessKey). This requires careful manual credential management.
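
A check a host owner can run to confirm which pattern a server is actually using, added here as an example and not part of this project's code: it parses text in the AWS shared credentials file format and classifies each profile by its access key ID prefix (AKIA for long-lived IAM user keys, ASIA for temporary STS-issued keys). The sample file content, profile names and function names are constructed for illustration.

```python
import configparser

# Constructed sample in the ~/.aws/credentials format.
# All key values are placeholders, not real credentials.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAEXAMPLEKEYID0001
aws_secret_access_key = CONSTRUCTED-PLACEHOLDER-SECRET

[session]
aws_access_key_id = ASIAEXAMPLEKEYID0002
aws_secret_access_key = CONSTRUCTED-PLACEHOLDER-SECRET
aws_session_token = CONSTRUCTED-PLACEHOLDER-TOKEN

[empty]
region = us-east-1
"""

def classify_profile(section):
    """Return 'static', 'temporary', 'none' or 'unknown' for one profile."""
    key_id = section.get("aws_access_key_id", "").strip()
    token = section.get("aws_session_token")
    if not key_id:
        return "none"
    if key_id.startswith("AKIA") and not token:
        return "static"      # long-lived IAM user key (Pattern B)
    if key_id.startswith("ASIA") and token:
        return "temporary"   # short-lived key issued with a session token
    return "unknown"         # prefix and token do not match either pattern

def audit_credentials(text):
    """Map each profile name in the credentials text to its classification."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {name: classify_profile(parser[name]) for name in parser.sections()}

def static_key_profiles(text):
    """Profiles holding static keys; on a Pattern A host this should be empty."""
    return sorted(n for n, kind in audit_credentials(text).items() if kind == "static")

if __name__ == "__main__":
    for name, kind in audit_credentials(SAMPLE_CREDENTIALS).items():
        print(f"{name}: {kind}")
    print("static-key profiles:", static_key_profiles(SAMPLE_CREDENTIALS))
```

On an EC2 instance using Pattern A the list of static-key profiles should be empty, since the role's credentials come from the metadata service rather than from a file on disk.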