In this blog, you will learn how to create an IAM role in AWS, which gives workloads secure, controlled access to resources and makes permission management across AWS services easier. You can do this from the AWS Management Console, from the command line interface (CLI), or programmatically with the AWS SDKs.
An IAM role is an AWS identity with two parts: a trust policy that says who is allowed to assume it, and permission policies that say what it may do. Assuming a role returns temporary security credentials rather than long-lived access keys. Roles are typically used by AWS services, applications, or federated users to do their work.
- By default you can create 1,000 roles per account; to raise the limit, request an increase through Service Quotas.
- By default a role can have at most 10 managed policies attached (this quota is adjustable, up to 20).
- A role can carry up to 50 tags.
Steps to create IAM role in AWS
First, sign in to the AWS Management Console and search for IAM. Open Roles, then click Create role.
Next, under Trusted entity type, choose who will be allowed to assume the role. The options are:
- AWS service: an AWS service (such as EC2 or Lambda) assumes the role on behalf of one of your resources, so the trust policy names that service principal.
- AWS account: principals in another AWS account (or your own) can assume the role. When the other account belongs to a third party, add an external ID condition so that the role cannot be used against you through the confused-deputy problem.
- Web identity: users authenticated by an external identity provider (IdP) such as Google, Facebook, Amazon, or any OpenID Connect provider exchange their identity token for temporary AWS credentials (credentials, not passwords).
- SAML 2.0 federation: a standard single sign-on (SSO) protocol that lets users sign in to AWS through an existing SAML-compatible IdP such as Active Directory Federation Services.
- Custom trust policy: you write the trust policy JSON yourself, stating exactly which principals (users, roles, accounts, or services) may assume the role and under which conditions.
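The following Python is an added example, not code from the original post: it builds the trust policy document for each trusted-entity type listed above and lints a (possibly custom) trust policy for the mistakes that most often turn a role into an open door. It goes slightly beyond the list by adding the conditions a practitioner normally wants (sts:ExternalId for third-party accounts, an audience check for web identity and SAML, and an optional aws:SourceAccount pin for service principals, which assumes the service supports that key). The account IDs, provider names, and external ID are constructed placeholders.

```python
# Added example (not from the original post): build and lint IAM role trust policies.
# Account IDs, provider names and the external ID below are constructed placeholders.
from __future__ import annotations
import json

POLICY_VERSION = "2012-10-17"
ASSUME_ACTIONS = {"sts:AssumeRole", "sts:AssumeRoleWithSAML", "sts:AssumeRoleWithWebIdentity"}


def _doc(statement: dict) -> dict:
    return {"Version": POLICY_VERSION, "Statement": [statement]}


def service_trust(service: str, source_account: str | None = None) -> dict:
    """AWS service trusted entity, e.g. ec2.amazonaws.com. Optionally pins
    aws:SourceAccount so the same service principal acting for another account
    cannot assume the role (assumes the service supports this condition key)."""
    stmt = {"Effect": "Allow", "Principal": {"Service": service}, "Action": "sts:AssumeRole"}
    if source_account:
        stmt["Condition"] = {"StringEquals": {"aws:SourceAccount": source_account}}
    return _doc(stmt)


def account_trust(account_id: str, external_id: str | None = None) -> dict:
    """AWS account trusted entity. The external ID is the standard guard when
    the other account belongs to a third party."""
    stmt = {"Effect": "Allow", "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole"}
    if external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return _doc(stmt)


def web_identity_trust(provider: str, audience: str) -> dict:
    """Web identity trusted entity (e.g. accounts.google.com). The audience
    condition stops tokens issued for a different app from assuming the role."""
    return _doc({"Effect": "Allow", "Principal": {"Federated": provider},
                 "Action": "sts:AssumeRoleWithWebIdentity",
                 "Condition": {"StringEquals": {f"{provider}:aud": audience}}})


def saml_trust(provider_arn: str) -> dict:
    """SAML 2.0 trusted entity; SAML:aud must be the AWS sign-in endpoint."""
    return _doc({"Effect": "Allow", "Principal": {"Federated": provider_arn},
                 "Action": "sts:AssumeRoleWithSAML",
                 "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}})


def lint_trust_policy(policy: dict) -> list[str]:
    """Findings for a trust policy: wrong version, non-STS actions, wildcard
    principals, and account principals that carry no condition at all."""
    findings = []
    if policy.get("Version") != POLICY_VERSION:
        findings.append("Version should be 2012-10-17")
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        for a in ([actions] if isinstance(actions, str) else actions):
            if a not in ASSUME_ACTIONS:
                findings.append(f"statement {i}: unexpected action {a}")
        principal = stmt.get("Principal")
        values = []
        for v in (principal.values() if isinstance(principal, dict) else [principal]):
            values.extend(v if isinstance(v, list) else [v])
        if "*" in values:
            findings.append(f"statement {i}: wildcard principal lets anyone assume the role")
        elif isinstance(principal, dict) and "AWS" in principal and "Condition" not in stmt:
            findings.append(f"statement {i}: account principal without a condition (consider sts:ExternalId)")
    return findings


if __name__ == "__main__":
    print(json.dumps(account_trust("111122223333", "example-external-id"), indent=2))
    open_door = _doc({"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"})
    print(lint_trust_policy(open_door))
```

Run the linter against any custom trust policy before you paste it into the console; a wildcard principal on sts:AssumeRole is the single most damaging mistake you can make on this screen.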
Now choose the service that will use the role. In this example I select EC2 (Elastic Compute Cloud); EC2 and Lambda are the services most commonly given roles.
Next, attach permission policies to the role, for example AmazonEC2FullAccess. That managed policy is used here for simplicity; for a production role, prefer a narrower policy that grants only the actions the workload actually needs (least privilege).
Next, give the role a name, review the trust policy and the attached permissions, and click Create role.
You have now created a role for the EC2 service. When you create an EC2 role in the console, AWS also creates an instance profile with the same name; the instance profile is what an EC2 instance actually carries.
The next step is to attach the role (through its instance profile) to your EC2 instances. The instance then obtains short-lived credentials from the instance metadata service, so you never embed access keys in your code or on the instance.
If you open the role, you will see Maximum session duration, which defaults to 1 hour. You can set it anywhere from 1 to 12 hours. It bounds how long a session obtained with AssumeRole can last; the credentials an EC2 instance gets through its instance profile are rotated automatically by EC2.
Creating an IAM role using Command line interface (CLI)
Step 1- Open CloudShell (or any terminal where the AWS CLI is installed and configured).
Step 2- Create a trust policy document named trust-policy.json with the following content and upload it to CloudShell. It allows only the EC2 service principal to assume the role.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
Step 3- Create the IAM role, passing the trust policy document:
aws iam create-role --role-name EC2FullAccessRole --assume-role-policy-document file://trust-policy.json
Step 4- Attach the AmazonEC2FullAccess managed policy to the newly created role (or, better, a narrower policy of your own):
aws iam attach-role-policy --role-name EC2FullAccessRole --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess
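Unlike the console, the CLI and the SDKs do not create an instance profile for you, so after these four steps the role still cannot be attached to an instance. The Python below is an added example, not the blog's own code: it performs the console and CLI procedures above as one boto3 call sequence, including the missing instance-profile step, and optionally puts a scoped inline policy on the role instead of AmazonEC2FullAccess. The `iam` argument is a boto3 IAM client when run for real; `RecordingIAM` is a constructed stand-in that records the calls so the flow can be exercised offline. Role and profile names, the account ID, and the describe-only policy are constructed.

```python
# Added example (not the blog's own code): console/CLI role creation as a boto3
# procedure, plus the instance-profile step the CLI does not do for you.
# Pass boto3.client("iam") as `iam` to run it against a real account.
from __future__ import annotations
import json

EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Least-privilege alternative to AmazonEC2FullAccess (constructed example:
# read-only, pinned to one region; adjust to what the workload really calls).
DESCRIBE_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:DescribeInstances", "ec2:DescribeTags"],
        "Resource": "*",
        "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}},
    }],
}


def create_ec2_role(iam, role_name: str, managed_policy_arns: list[str] = (),
                    inline_policy: dict | None = None, max_session_hours: int = 1) -> dict:
    """Create a role trusted by EC2, attach permissions, and place it in an
    instance profile of the same name. `iam` is a boto3 IAM client (or any
    object with the same method names). Returns the role and profile ARNs."""
    if not 1 <= max_session_hours <= 12:
        raise ValueError("MaxSessionDuration must be between 1 and 12 hours")
    if len(managed_policy_arns) > 10:
        raise ValueError("default quota is 10 managed policies per role")
    role = iam.create_role(
        RoleName=role_name,
        AssumeRolePolicyDocument=json.dumps(EC2_TRUST_POLICY),
        Description="Assumed by EC2 instances through an instance profile",
        MaxSessionDuration=max_session_hours * 3600,
    )
    for arn in managed_policy_arns:
        iam.attach_role_policy(RoleName=role_name, PolicyArn=arn)
    if inline_policy is not None:
        iam.put_role_policy(RoleName=role_name, PolicyName=f"{role_name}-inline",
                            PolicyDocument=json.dumps(inline_policy))
    # The console does these two calls silently; the CLI and SDK do not.
    profile = iam.create_instance_profile(InstanceProfileName=role_name)
    iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
    return {"RoleArn": role["Role"]["Arn"],
            "InstanceProfileArn": profile["InstanceProfile"]["Arn"]}


class RecordingIAM:
    """Constructed stand-in for the boto3 IAM client: records every call and
    returns the response shapes the real client returns, so the procedure can
    be run and inspected offline."""

    def __init__(self, account_id: str = "111122223333"):
        self.account_id = account_id
        self.calls = []

    def create_role(self, **kw):
        self.calls.append(("create_role", kw))
        return {"Role": {"Arn": f"arn:aws:iam::{self.account_id}:role/{kw['RoleName']}"}}

    def attach_role_policy(self, **kw):
        self.calls.append(("attach_role_policy", kw))
        return {}

    def put_role_policy(self, **kw):
        self.calls.append(("put_role_policy", kw))
        return {}

    def create_instance_profile(self, **kw):
        self.calls.append(("create_instance_profile", kw))
        name = kw["InstanceProfileName"]
        return {"InstanceProfile": {"Arn": f"arn:aws:iam::{self.account_id}:instance-profile/{name}"}}

    def add_role_to_instance_profile(self, **kw):
        self.calls.append(("add_role_to_instance_profile", kw))
        return {}


if __name__ == "__main__":
    iam = RecordingIAM()  # replace with boto3.client("iam") to create the role for real
    print(create_ec2_role(iam, "EC2DescribeRole", inline_policy=DESCRIBE_ONLY_POLICY))
    for name, kwargs in iam.calls:
        print(name, sorted(kwargs))
```

Once the instance profile exists, associate it with the instance (Actions, Security, Modify IAM role in the console, or associate-iam-instance-profile in the CLI); the instance picks up credentials from the metadata service without any restart of your application.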
Conclusion
In conclusion, creating and attaching IAM roles for EC2 enhances security and simplifies permissions management, enabling efficient and secure access to AWS services without hardcoding credentials.
If you like this blog, you can share it with your friends or colleagues. You can connect with me on social media profiles like LinkedIn, Twitter, and Instagram. If you have any doubts, feel free to comment.