In order to use IAM roles, instead of AWS secret and access keys, a new policy must be created that will be used by the IAM role. Policies are used to grant permissions to groups. If there isn't a policy already in place for S3 access, a new policy must be created.
Create a new policy.
Follow the steps from the AWS site to Create a New Policy.
Use the policy simulator to test the new IAM policy.
Follow the steps from the AWS site to Test IAM Policies.
Create a new role. You can attach up to 10 policies to each role.
Follow the steps from the AWS site to Create IAM Roles.
If an Amazon EC2 configuration is already in place, the new policy that you created is attached to the existing role used on the EC2 instance. Follow the steps from the AWS site to Manage IAM Roles.
Attach the role to the EC2 instance where
Alfresco Content Services is running.
Note that one single role can be applied to an EC2 instance.
Edit alfresco-global.properties to remove the
s3.accessKey and s3.secretKey properties.
By removing these properties, the IAM role that's attached to the EC2 instance takes over the responsibility of accessing the S3 bucket.
You are now ready to start Alfresco Content Services.