Setting up API user on EC2

setting up iam role for ec2 instance create iam role for ec2 instance to ensure that only specific instances can access the kms key holding the access key pair, create a new iam role with kms access for each ec2 instance below are the steps to create a new iam role for an ec2 instance to give access to kms in case you already have an existing iam role attached to an ec2 instance(this can be verified on the instance's detail page), you can edit that iam role to include the kms permission as in step 2 assign roles to multiple instances if you're running multiple ec2 instances with the primevault's application, ensure that each instance has the appropriate iam role with kms access either by editing the existing roles or assigning new roles accordingly create an iam new role go to identity and access management (iam) > roles > create role 2\ select kms permission assign the default kms permission to the role and review and then create the role assign the created iam role to the ec2 instance(s) assign iam role apply the newly created iam role to each ec2 instance running the primevault application handling existing iam roles if you updated an existing iam role in previous steps, no further action is required in this section you can skip steps 1, 2 and 3 below and move to next section multiple ec2 instances if you operate multiple ec2 instances with the primevault client, ensure the new iam role is assigned to each instance to enable proper functionality