Skip to main content
Information Security

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

3
  • so you mean run a script on startup of the ec2 instance that uses sed to retrieve the file from S3? Or are you saying I can use sed in bash from the S3 side? Also the funny thing is, when I was reading about using the php sdk to access objects from buckets on S3, it said any application on your ec2 that wants to use some other aws service must have credentials. One way of having credentials is having the credentials in a file and the documentation said, don't store these credentials on S3, even if it was encrypted. So I'm wondering if it's ok to store a config file on there? Commented Jan 10, 2019 at 21:52
  • You retreive the file on S3, save it somewhere and use sed. I don't know if PHP SDK can use instance profile: you can attach an IAM role to an EC2 instance. Like this, you don't store credentials anywhere. Commented Jan 11, 2019 at 8:54
  • Yes you can assign a role tot he instance for the php sdk to use temporary credentials. This is how they prefer it, rather than the other methods. Yes, I was just highlighting the point that aws do not what you to store credentials on S3, so I was wondering if that would go for other sensitive data, that's all. Thanks for your help. Commented Jan 11, 2019 at 14:43