What is an IAM instance profile (IAMインスタンスプロファイル)?
#AWS
It came up while I was writing Terraform for ECS.
code: sample.tf
 # Trust policy: lets the EC2 service assume the role
 data "aws_iam_policy_document" "piyo" {
   statement {
     effect = "Allow"
     actions = [
       "sts:AssumeRole",
     ]
     principals {
       type = "Service"
       identifiers = [
         "ec2.amazonaws.com",
       ]
     }
   }
 }

 # The role itself; permissions are attached separately, this only defines who may assume it
 resource "aws_iam_role" "fuga" {
   name               = "ecs-instance-role"
   path               = "/"
   assume_role_policy = data.aws_iam_policy_document.piyo.json
 }

 # Instance profile: the container that lets an EC2 instance carry the role
 resource "aws_iam_instance_profile" "hoge" {
   name = "ecs-instance-profile"
   role = aws_iam_role.fuga.name # must reference the role resource declared above
 }

 resource "aws_instance" "instance" {
   ...
   iam_instance_profile = aws_iam_instance_profile.hoge.name
   ...
 }
So the flow, as I understand it: a role whose trust policy allows EC2 (ec2.amazonaws.com) to perform the AssumeRole action is wrapped in an instance profile, and that profile is attached to the EC2 instance!!
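Since the trust policy decides who can assume the instance role, a quick check on the rendered JSON is worth having. The following is an added example (not from the note above or from Terraform); the two policy documents are constructed samples, and `check_ec2_trust_policy` is a hypothetical helper that flags principals other than ec2.amazonaws.com and a missing EC2 trust.

```python
"""Lint an instance role's trust policy: only the EC2 service should be able to assume it."""
import json

# Constructed sample: roughly what Terraform renders for data.aws_iam_policy_document.piyo
TRUST_POLICY_OK = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Principal": {"Service": "ec2.amazonaws.com"},
    }],
})

# Constructed sample of a trust policy that is far too broad
TRUST_POLICY_BAD = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["sts:AssumeRole"],
        "Principal": {"AWS": "*"},
    }],
})


def _as_list(value):
    """IAM JSON allows a scalar or a list in most places; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_ec2_trust_policy(policy_json: str) -> list:
    """Return findings for a trust policy; an empty list means it is scoped as expected."""
    findings = []
    trusts_ec2 = False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue  # statement does not grant AssumeRole, irrelevant here
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append("principal is missing or a bare wildcard")
            continue
        for ptype, ids in principal.items():
            for ident in _as_list(ids):
                if ptype == "Service" and ident == "ec2.amazonaws.com":
                    trusts_ec2 = True
                else:
                    findings.append(f"unexpected principal {ptype}={ident}")
    if not trusts_ec2:
        findings.append("ec2.amazonaws.com is not trusted; EC2 cannot assume this role")
    return findings
```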