How to Create IAM Roles in AWS

Creating an IAM role in AWS involves defining who can assume the role, what permissions the role grants, and which AWS services or entities will use the role. IAM roles can be created through the AWS Management Console, the AWS CLI, or programmatically via the SDK. Here, we’ll go through the steps to create an IAM role using the AWS Management Console.

Steps to Create an IAM Role Using the AWS Management Console

  1. Sign in to the AWS Management Console
  • Go to the IAM console and sign in with an AWS account that has the necessary permissions to create roles.
  2. Navigate to the Roles Section
  • In the navigation pane, click on Roles.
  3. Click on Create Role
  • On the Roles page, click the Create Role button.
  4. Select the Trusted Entity (Who Can Assume the Role)
  • You’ll be asked to choose a trusted entity that can assume this role. There are different types of trusted entities:
    • AWS service: Use this when you want AWS services like EC2, Lambda, or RDS to assume the role.
    • Another AWS account: Use this if the role will be assumed by users or resources in a different AWS account.
    • Web identity provider (OIDC/SAML): For federated access via SAML or OpenID Connect.
    • Custom trust policy: Write a custom trust policy if your use case doesn’t fit into the predefined options.
  • Example: If you want to allow an EC2 instance to assume this role, select AWS service and then choose EC2.
  5. Attach Permissions Policies
  • After selecting the trusted entity, attach policies to the role that define what it can access.
  • You can:
    • Select an existing policy: AWS provides a set of predefined policies for common use cases.
    • Create your own policy: You can write custom policies using JSON to give the role specific permissions.
  • Example: If the role should allow EC2 instances to read/write to an S3 bucket, you can attach the AmazonS3FullAccess policy. Note that this managed policy grants access to every bucket in the account; the least-privilege practice in the Best Practices section below explains why a policy scoped to the one bucket is preferable.
  6. Set a Permissions Boundary (Optional)
  • A permissions boundary is an advanced feature that limits the maximum permissions a role can have, even if the attached policy grants more access.
  • This step is optional and is typically used by organizations with strict governance policies.
  7. Name the Role
  • Provide a name for your role. The name should be descriptive and indicate its purpose (e.g., EC2S3AccessRole).
  8. Review and Create the Role
  • Review all settings, including the trusted entities, attached policies, and permissions boundaries.
  • If everything looks correct, click Create Role.

Assigning the Role to an AWS Service (e.g., EC2)

Once the role is created, you need to assign it to an AWS service to start using it.

  1. Assign the Role to an EC2 Instance:
  • Go to the EC2 console.
  • While launching a new EC2 instance, in the Configure Instance step, scroll down to the IAM role section.
  • Select the IAM role you just created from the drop-down list.
  • Complete the rest of the instance launch process.
  2. Assign the Role to Lambda:
  • Go to the Lambda console.
  • While creating or editing a Lambda function, in the Execution role section, select Use an existing role and choose the role you created.

Best Practices for Creating IAM Roles

  1. Follow the Principle of Least Privilege:
  • Only attach the permissions necessary for the role’s purpose. If the role needs to access a specific S3 bucket, don’t grant it full access to all buckets.
  2. Use Managed Policies When Possible:
  • AWS provides a set of predefined managed policies that simplify role creation. For custom or specific use cases, write your own JSON policies.
  3. Enable CloudTrail to Monitor Role Activity:
  • To keep track of what’s happening with your IAM roles, enable AWS CloudTrail, which records the API calls made in your account, including every time a role is assumed.
  4. Rotate Roles for External Access:
  • When using IAM roles for cross-account access or federated users, ensure that the policies and roles are regularly reviewed and rotated for security purposes.
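As an added example (not code from the original page or from AWS), the trust policy that step 4 produces for the EC2 choice, a bucket-scoped permissions policy that implements the least-privilege practice instead of the AmazonS3FullAccess choice from step 5, and a small review check for the wildcard patterns that practice warns about. The bucket name, prefix and the full-access stand-in policy are constructed values.

```python
import json

# Trust policy for step 4 of the walkthrough: only the EC2 service may assume the role.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

def scoped_s3_policy(bucket: str, prefix: str = "") -> dict:
    """Least-privilege alternative to AmazonS3FullAccess (step 5): one bucket, one prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"},
        ],
    }

def _as_list(value) -> list:
    # IAM accepts a single string/object or a list in most fields; normalise to a list.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def policy_findings(policy: dict) -> list[str]:
    """Review check for step 8: report Allow statements broader than least privilege needs
    (wildcard actions or resources, or a trust policy open to any AWS principal)."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for resource in _as_list(st.get("Resource")):
            if resource == "*":
                findings.append(f"statement {i}: wildcard resource '*'")
        principal = st.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))):
            findings.append(f"statement {i}: any AWS principal may assume the role")
    return findings

# Constructed stand-in with the shape of a full-access managed policy (s3:* on every resource).
FULL_ACCESS_LIKE = {"Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(scoped_s3_policy("app-logs", "prod/"), indent=2))
    print("findings:", policy_findings(FULL_ACCESS_LIKE), policy_findings(EC2_TRUST_POLICY))
```

The scoped document can be pasted into the "Create your own policy" JSON editor from step 5, and the check can be run over any policy JSON you download before clicking Create Role.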

In summary, creating an IAM role is a straightforward process but requires careful consideration of the trusted entities and permissions. By following best practices such as the principle of least privilege, you can ensure that your roles are secure and grant just the necessary access to your AWS resources.