AWS Managed Services (AMS) helps you operate your AWS infrastructure more efficiently and securely. AMS accounts have security guardrails for standardized administration of your AWS resources. One guardrail is that default Amazon Elastic Compute Cloud (Amazon EC2) instance profiles don’t allow write access to Amazon Simple Storage Service (Amazon S3) buckets. However, your organization might have multiple S3 buckets and require more control over access by EC2 instances. For example, you might want to store database backups from EC2 instances in an S3 bucket.
This pattern explains how to use requests for change (RFCs) to allow your EC2 instances write access to S3 buckets in your AMS account. An RFC is a request created by you or AMS to make a change in your managed environment and that includes a change type (CT) ID for a particular operation.
