Hi there. To assume a role, the user needs to have sts:AssumeRole permissions for the respective role ARN created. Apologies, the video didn't demonstrate that correctly with respect to user permissions but hope this helps! docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html

@@unmaskITnow thanks for replying. In many other demos there was no such thing as switching role. I guess that maybe because the demo was using admin account or account already have required policy attached?

Thanks mate, means a lot

Thank you so much 🙂 glad you loved it. Please do subscribe for more such content.

Glad to hear that it was helpful. I post new content every week. Please do subscribe for more such content

Thanks for the compliment. Please don't forget to subscribe and support the channel 🙏

Hi there. To assume a role, the user needs to have sts:AssumeRole permissions for the respective role ARN created. Apologies, the video didn't demonstrate that correctly with respect to user permissions but hope this helps! docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_permissions-to-switch.html

Thank you for subscribing. So thoughtful of you to recognize that. My intention is to organize & simplify so you dont end up having to search multiple places.

Yes, SSM offers Session Manager to connect to the instance. And that's a really good suggestion to compare the two.. I'll aim to do that next. Do subscribe so you're notified when I release it.

@@unmaskITnow Subscribed already, I have one doubt, For Single Account, Why IAM Role ? IAM Policy can be attached directly to the IAM user group right. Are you referring here cross account access using ECI endpoint? I am trying to replicate the same thing using SSO, Dev account user --> accessing prod account instance.

Yes, you can attach IAM policy directly to an IAM user but that requires you to download Access key ID and Secret access key which are long lived credentials for the user. Its AWS recommended best practice for an IAM user to assume IAM role with temporary credentials to grant necessary permissions whether it is in the same account or cross account

Hi there, thank you for watching. The answer to your question is yes. EC2 instance connect endpoint is for inbound access to instances in private subnet. You can still create a NAT gateway in public subnet and have a default route to the NAT gateway in private subnet for outbound internet access. Please do share and subscribe as it encourages me to make more such content.

@@unmaskITnow Thanks for your response and consideration. Keep your great work ♥.

Hi Yaseen, thank you for the question. If you're able to follow the process in the video to SSH to private instance, you should be able to use SCP utility to copy files to the private instance. Please find the link below with the AWS document for your reference. docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html#AccessingInstancesLinuxSCP

@@unmaskITnow Yeah I tried this. I believe there is documentation still remaining about this.

Currently used this but getting error that unable to find credentials. Please try it out and let me know. If you could find something.

True, It works without switching the role.