Setting Up IAM Roles Anywhere instead of Access Keys in AWS
Introduction

Setting up IAM Roles Anywhere is the "gold standard" for bringing the power of IAM Roles to external servers (on-premises, Azure, GCP) without needing permanent, risky Access Keys. This mechanism relies on PKI (Public Key Infrastructure): you use a digital certificate to prove your identity to AWS, and in return, AWS provides you with temporary, short-lived credentials.

Prerequisites

Before we begin, you should have a basic understanding of IAM Identity Center and how to set up AWS Access Keys/Secrets, as this guide builds upon those concepts.

Quick Recap

If you have already set up a profile and logged in via SSO, you would typically use that profile in NestJS source code like this:

    import { Injectable } from '@nestjs/common'
    import { getSignedUrl } from '@aws-sdk/s3-request-presigner'
    import { ConfigService } from '@nestjs/config'
    import {
      S3Client,
      ListObjectsV2Command,
      GetObjectCommand,
    } from '@aws-sdk/client-s3...