I have created an appspec.yml file to use with AWS CodeDeploy to deploy code to an AWS EC2 instance. Now in that instance I have to call AWS Secrets Manager so that I can access my secrets. For this I have to install the AWS CLI inside the EC2 server. Now the question is: after installing the AWS CLI, how do I configure it with the credentials securely? I do not like the approach of writing a bash script which will configure credentials inside the server, as it is very insecure. Are any other methods possible?
I would recommend giving the EC2 instance an IAM role. With the IAM role, the instance can access AWS services without the need for credentials.
Check the official documentation for implementation recommendations: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
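As an added example (not part of the answer above), this sketch builds the two policy documents such a role needs, flags wildcard grants, and lists static credentials left on the instance, which the AWS CLI would pick up before it ever tries the role. The region, account ID and secret name are placeholders, and the function names are hypothetical.

```python
import json

def ec2_trust_policy():
    """Trust policy: lets the EC2 service assume the role for the instance."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def secret_read_policy(region, account_id, secret_name):
    """Permissions policy limited to reading one secret.
    Secrets Manager appends '-' plus 6 random characters to the ARN,
    so '-??????' matches exactly that suffix and nothing longer."""
    arn = (f"arn:aws:secretsmanager:{region}:{account_id}"
           f":secret:{secret_name}-??????")
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": arn}]}

def overbroad_statements(policy):
    """Return Allow statements with a wildcard resource or action."""
    def as_list(v):
        return v if isinstance(v, list) else [v]
    bad = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        if "*" in resources or any(a.endswith(":*") or a == "*" for a in actions):
            bad.append(stmt)
    return bad

def static_credential_sources(env, credentials_file_exists):
    """Static credentials that take precedence over the instance role
    in the CLI/SDK credential chain and should be removed."""
    found = [k for k in ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY") if env.get(k)]
    if credentials_file_exists:
        found.append("~/.aws/credentials")
    return found

if __name__ == "__main__":
    # Placeholder values, constructed for illustration only.
    policy = secret_read_policy("us-east-1", "111122223333", "myapp/prod/db")
    print(json.dumps(ec2_trust_policy(), indent=2))
    print(json.dumps(policy, indent=2))
    print("overbroad:", overbroad_statements(policy))
```

With the role attached through an instance profile, `aws secretsmanager get-secret-value --secret-id <name>` works on the instance without running `aws configure` for keys.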