So, I'm new to cloud engineering and I wanted to deploy a Java Spring Boot app on an EC2 instance. And I have to use an IAM Role for accessing an S3 bucket. I wanted to know how it works. Can I just do an API call to the S3 bucket, or do I have to provide credentials to my Java app even though I've assigned an IAM Role to the EC2 instance?
I haven't had the time to try it yet. So yes or no would be great.
When an IAM Role is associated with an Amazon EC2 instance, the EC2 Instance Metadata service automatically provides temporary credentials to the instance. The AWS SDK knows how to retrieve credentials from this EC2 instance metadata.
Therefore, if your code is using an AWS SDK then it will automatically have access to credentials, giving the app the permissions defined in the IAM Role. You do not need to provide any credentials in your code.
When developing code on your own computer, you can store credentials in an AWS configuration file. The easiest way to do this is to use the AWS CLI aws configure command. In this situation, when your code uses the AWS SDK, it will automatically look in the configuration file to retrieve the credentials.
Bottom line: You should never put credentials in your code. They should be retrieved via the Default credentials provider chain - AWS SDK for Java 2.x.
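As an added illustration (not part of the original answer), the following check builds AWS SDK for Java 2.x clients with no credentials in code and confirms which identity the default chain resolved before touching S3. Assumptions: the SDK's s3 and sts modules are on the classpath, the region comes from the environment or instance metadata, and the class name and the placeholder bucket name are hypothetical.

```java
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.ListObjectsV2Request;
import software.amazon.awssdk.services.sts.StsClient;

// Hypothetical class name; run it on the EC2 instance that has the IAM Role attached.
public class RoleCredentialCheck {
    public static void main(String[] args) {
        // Assumption: bucket name is passed as the first argument; the default is a placeholder.
        String bucket = args.length > 0 ? args[0] : "example-bucket-placeholder";

        // No access key or secret anywhere: the provider walks the default chain
        // (system properties, environment, config files, ..., EC2 instance metadata).
        DefaultCredentialsProvider provider = DefaultCredentialsProvider.create();

        try (StsClient sts = StsClient.builder().credentialsProvider(provider).build();
             S3Client s3 = S3Client.builder().credentialsProvider(provider).build()) {

            // Role credentials are temporary, so they carry a session token.
            // Only the credential type is reported, never the secret values.
            AwsCredentials creds = provider.resolveCredentials();
            System.out.println("Temporary (session) credentials: "
                    + (creds instanceof AwsSessionCredentials));

            // On the instance this should be an assumed-role ARN for the attached role.
            // A user ARN means an earlier chain entry (env vars, config file) won.
            System.out.println("Caller identity: " + sts.getCallerIdentity().arn());

            // Minimal S3 call to confirm the role's policy actually grants access.
            s3.listObjectsV2(ListObjectsV2Request.builder().bucket(bucket).maxKeys(5).build())
              .contents()
              .forEach(obj -> System.out.println("  " + obj.key()));

        } catch (SdkClientException e) {
            // Raised client-side, e.g. when no provider in the chain yields credentials
            // (no role attached, or instance metadata unreachable).
            System.err.println("Client-side failure (credentials/region?): " + e.getMessage());
        } catch (AwsServiceException e) {
            // Credentials were found but the service rejected the call; 403 usually
            // means the role's policy lacks the needed permission on this bucket.
            System.err.println("Service rejected call: HTTP " + e.statusCode()
                    + " " + e.awsErrorDetails().errorCode());
        }
    }
}
```

If the printed caller identity is not the instance's role, look for leftover environment variables or a credentials file on the instance, since those are consulted before instance metadata.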