docs: aws-ec2: link sts configuration from cross account access

vishalnayak 2017-03-28 14:34:21 -07:00
parent 25f396cac6
commit 1cfd0e94b3


@ -264,9 +264,10 @@ instance fails to renew the token on time.
### Cross Account Access
To allow Vault to authenticate EC2 instances running in other accounts, AWS STS (Security
Token Service) can be used to retrieve temporary credentials by assuming an IAM Role
in those accounts.
To allow Vault to authenticate EC2 instances running in other accounts, AWS STS
(Security Token Service) can be used to retrieve temporary credentials by
assuming an IAM Role in those accounts. All these accounts should be configured
at the backend using the `auth/aws-ec2/config/sts/<account_id>` endpoint.
The account in which Vault is running (i.e. the master account) must be listed as
a trusted entity in the IAM Role being assumed on the remote account. The Role itself
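Review bot: The added sentence "All these accounts should be configured at the backend using the `auth/aws-ec2/config/sts/<account_id>` endpoint" leaves two things open. "All these accounts" can be read to include the master account mentioned in the next sentence, and "should" is weaker than the "must" used there for the trust relationship, so a reader cannot tell whether the STS configuration is required for cross-account logins to work. Suggest naming the remote accounts explicitly and stating what is stored per account, for example "Each remote account must be configured at the backend, with the IAM Role to assume, using the `auth/aws-ec2/config/sts/<account_id>` endpoint". Also, the commit subject says the STS configuration is being linked, but the text only carries the endpoint path in backticks; if the docs have an API section for this endpoint, make it an actual link to that section.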