How to Create IAM roles for Amazon EC2?
In this article, we will cover how we can easily create an IAM role and can use it with an EC2 instance easily, and provide the required permissions with the S3 policies. These IAM Roles are the identities that we are creating in our account so that we can provide specific permissions to the users. So these Roles provide us the temporary credentials of security for our session.
Use of Roles:
Consider the Scenario in which we want to grant access to our account to third parties which can perform operations such as audits of our resources or consider another scenario in which we want to access users who have identities prior outside the Aws like in our corporate Directory.
So we can use the roles for access to users’ services or applications that don’t have access to AWS resources.
How To Use Roles:
The followings are the methods for using Roles:
- AWS Management Console
- Assume-Role CLI
- Console URL Construct with AssumeRoleWithSAML
Steps to Create an IAM role for the EC2 Instance:
Step 1. First, we need to go to the IAM table Dashboard, and then we will go to the roles option and click on create roles.
Step 2. Next under trusted entity type we will select AWS services and under Use case, we will select EC2 and click on next:
Step 3. Next under permission policies, we will search for S3 policies and will select S3readonly policy, and click on next.
Step 4. Next we will give our role a name and review all the changes and will click on next.
Now we need to add Permission
Step 5. Now our IAM roles are created and if we click on the role that we just created we will be welcomed to this screen. Here we can see the details of our role. We can see that our myS3Role has been created
Step 6. Next, we will go to the EC2 dashboard and create an EC2 instance:
We need to create a new instance
Step 7. While creating the EC2 instance under configure instance we will select the IAM role that we just created and we will proceed with our EC2 instance creation:
Note: we have to select IAM role we created earlier inside Iam role tab
while creating EC2 in Add storage add 8 GB(GIB) and volume type General purpose SSD
During launching the instance download the key pair RSA file and launch the instance
Step 8. Next, we will connect to the EC2 instance that we just created
Secure Shell also known as SSH is a cryptographic network protocol that helps secure network services over an unsecured network. It securely helps users to log in to a server with SSH than using a password alone. SSH keys are nearly impossible to decipher by brute force alone unlike passwords
Step 9. Now we will use the command “aws s3 ls” which will then let us see all the S3 buckets we created because we have set the policies of the IAM role to S3readonly through this we can just read our S3 buckets:
Step 10. Now in order to avoid any charges we will delete our ec2 instance and our s3 bucket.