4.1-Creating the IAM Role
The first "service console" we'll open is the IAM console (IAM is in the Security, Identity, & Compliance section), which is region-agnostic.
You'll find the "Roles" option in the menu to the left :
Choose this link, then use the big blue "Create Role" button at the top, and you'll have a 4-steps process to follow...
Click :
the "AWS service" block under Select Type of trusted entity
the "EC2" block under Choose the service that will use this role
Then click the big blue "Next: Permissions" button at the bottom (to step 2)...
I already had some policies and roles defined in this account, which is why I had to blur specifics
Use the search filter box above the list of permission policies to locate and put a ✅ check mark on these 2 policies provided by AWS :
AmazonEC2FullAccess (search for "ec2fu")
AmazonS3FullAccess (search for "s3fu")
Then click the blue "Next: Tags" button at the bottom (to step 3)...
We don't need tagging, so just click the blue "Next: Review" button at the bottom (to step 4)...
Give a name to your new role (i suggest "configuration name"-ec2role as shown above) and verify you have correctly included the 2 policies.
Then hit the blue "Creale Role" button and you're done.
Your server will need that to :
auto-configure itself during startup (setting network options in the EC2 service)
download configuration parameters and scripts from S3
without the need of passwords (=> 👍 safe parameter files and scripts 👍 )
Note: This IAM Role could have been defined with restricted, custom-specified permissions, both in EC2 and S3, rather than "Full Access", but that would be too complex to explain here. Also if you connect to your server in an interactive terminal, you'll be happy to have access to the full EC2 and S3 APIs from there without restriction or needing an access key or password.
Last updated
Was this helpful?