Hey, happy to have you here. I see you are eager to learn about AWS EC2. That’s great!!

Have you ever wondered whether, just as Google Sheets lets us give anyone permission to read or edit content, the same is possible with AWS?

Today, we’ll check whether we can do the same in Amazon AWS. Let’s dig into IAM roles in AWS and how to assign one to an AWS EC2 instance to set these permissions 🙂

What is IAM?

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. IAM is used to control who is authenticated (signed in) and authorized (has permissions) to use resources.

When you first create an AWS account, there exists a single sign-in identity that has complete access to all AWS services and resources in the account. The user who has full access is called the Root user.

Note: You can grant permission to other people to administer and use resources in your AWS account without having to share your password or access key. This can be done with the help of IAM roles.

You can grant different permissions to different people for different resources. For example –

  1. EC2 full access
  2. S3 read-only access
  3. Only billing access

Creating an IAM role

a) Sign in to the AWS Management Console and open the IAM console.

b) In the navigation pane of the IAM console, choose Roles, and then choose Create role.

c) For Select type of trusted entity, choose AWS service.

d) Choose the service that you want to allow to assume this role.

e) Choose the use case for your service.

f) Choose one or more policies to attach to your new role. The policies determine what kind of authorizations and permissions you wish to attach to your role.

I have added permission to AmazonS3FullAccess.

g) Then choose Next: Tags. This step is optional; you can use it to label the role with tags.

h) Choose Next: Review. Give your role a name that is unique within your AWS account.

i) Choose Create Role and your role will be created.

The IAM role is created. It was just a piece of cake, wasn’t it?

Assigning IAM role to EC2 Instance

Step 1: From the Amazon EC2 console, choose Instances from the navigation pane. (If you have not created an instance yet, create an EC2 instance as described here: Web-Page-Deployment-on-AWS-EC2.)

Step 2: Select the instance to which you want to attach the IAM role. For Actions, choose Instance Settings, Attach/Replace IAM role.

Step 3: For IAM role, choose your IAM role, and then choose Apply.

Step 4: Choose Close.

Congratulations! You have successfully created an IAM Role that grants full S3 access to your virtual EC2 machine. :))
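
The same two procedures (creating the role and attaching it to an instance) from the AWS CLI, as an added example that is not part of the original post. The role name and instance ID are placeholders chosen here, and the `AWS` variable is a dry-run switch assumed for this example.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps (not from the original post).
ROLE_NAME="${ROLE_NAME:-example-ec2-s3-role}"       # hypothetical role name
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"   # placeholder instance ID
# Managed policy used in the post; use .../AmazonS3ReadOnlyAccess if reads suffice.
POLICY_ARN="arn:aws:iam::aws:policy/AmazonS3FullAccess"
AWS="${AWS:-aws}"   # set AWS=echo to print the commands instead of running them

# Trust policy for "trusted entity: AWS service" with EC2 chosen as the service.
# Only the EC2 service may assume the role; no user or other account can.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "ec2.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

create_role() {
  $AWS iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)"
  $AWS iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
  # The console creates an instance profile with the role's name for you;
  # from the CLI it has to be created and linked to the role explicitly.
  $AWS iam create-instance-profile --instance-profile-name "$ROLE_NAME"
  $AWS iam add-role-to-instance-profile \
    --instance-profile-name "$ROLE_NAME" --role-name "$ROLE_NAME"
}

attach_to_instance() {
  $AWS ec2 associate-iam-instance-profile --instance-id "$INSTANCE_ID" \
    --iam-instance-profile "Name=$ROLE_NAME"
}

# Confirm which instance profile the instance is associated with.
show_association() {
  $AWS ec2 describe-iam-instance-profile-associations \
    --filters "Name=instance-id,Values=$INSTANCE_ID"
}

# Run with "apply" to execute all steps; with no argument nothing is changed.
if [ "${1:-}" = "apply" ]; then
  create_role && attach_to_instance && show_association
fi
```

Running it as `AWS=echo sh script.sh apply` prints each command for review before anything is created in the account.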

That’s it for today’s class. You can create various roles and attach them to your instances. Carry on!!

Let me know if you have any issues or suggestions for us. Thank you.

– Rishita Anand Sachdeva


