I’m currently running Concourse for my team at work. It’s a two instance deployment, one web and one worker EC2 instance. Most of the pipelines we write do stuff that require permissions to various AWS services. We needed to figure out a way to grant permissions to these AWS services to our pipelines. Our first thought was to create an IAM role and assign that role to the Concourse Worker’s EC2 instance.