amazon-ec2 aws-secrets-manager

How to pass password securely in EC2 bootstrap script?


I have an application which I am trying to install via a bootstrap script for an EC2 instance. This application needs a password to be provided during the installation. What is the most secure way to provide the password during the bootstrap process?


Solution

  • The recommended method is:

    • Store the password in the AWS Secrets Manager
    • Assign an IAM Role to the EC2 instance
    • Grant permissions to the Role to access the secret in the Secrets Manager
    • Add code to the startup script to retrieve the secret from the Secrets Manager

    The code in the Startup Script will automatically use the permissions assigned to the role that was associated with the EC2 instance.
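The steps above as a user-data sketch; this is an added example, not code from the original answer. `SECRET_ID`, `REGION` and `INSTALLER` are placeholders, and it assumes the AWS CLI is present on the AMI, the secret is stored as a plain string, and the installer can read the password from stdin.

```sh
#!/bin/sh
# Added example: the password never appears in user data, which any process on
# the instance can read back from the instance metadata service.
set -eu
set +x  # no tracing: user-data output is logged to /var/log/cloud-init-output.log

SECRET_ID="${SECRET_ID:-example/app/install-password}"   # placeholder secret name
REGION="${REGION:-us-east-1}"                            # placeholder region
INSTALLER="${INSTALLER:-/opt/example-app/install.sh}"    # hypothetical installer

# Retrieve the secret. The AWS CLI obtains temporary credentials from the
# instance's IAM role, so no access keys appear in the script.
fetch_secret() {
    aws secretsmanager get-secret-value \
        --region "$REGION" --secret-id "$SECRET_ID" \
        --query SecretString --output text
}

# Fetch the password and hand it to the installer on stdin, so it is not
# written to a file on disk or placed in a process argument list.
install_with_secret() {
    # Explicit checks: 'set -e' does not abort inside a function that is
    # itself called from an 'if' or '||' context.
    pw=$(fetch_secret) || { echo "bootstrap: cannot read $SECRET_ID" >&2; return 1; }
    [ -n "$pw" ] || { echo "bootstrap: $SECRET_ID is empty" >&2; return 1; }
    rc=0
    # printf is a shell builtin, so the value is not exposed in argv.
    printf '%s' "$pw" | "$INSTALLER" || rc=$?
    unset pw
    return "$rc"
}

# Executes only when invoked with "run"; in user data, replace this guard
# with a plain call to install_with_secret.
case "${1:-}" in run) install_with_secret ;; esac
```

The role attached to the instance needs `secretsmanager:GetSecretValue` on this one secret only, so a compromise of the instance does not expose other secrets.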