As a part of this topic, we will explore
What is IAM Role?
An IAM role is similar to a user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. … You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources.
- To create a role, go to My Security Credentials –>Roles –> Create Role.
- The role requires two things. One is trusted entity and other is permissions from policies.
- On clicking create a role, it will ask trusted entity then prompt for permissions.
- In this, we will choose EC2.
- Then we are trying to map functions that EC2 as a trusted entity.
- Next, review and create a role.
- We can associate the role with running EC2 Instance, because of the trusted entity of EC2 or we can also associate with while creating the EC2 Instance.
Assigning role to EC2 instance
As a part of this topic, we will explore
- To create EC2 instance, go to EC2 –>Launch Instance–> Choose AMI –> Choose Instance Type.
- In Configure Instances, choose IAM role and Add Storage and Launch.
- In this, we have to create a new key pair and download key pair and launch.
- Paste the new key pair into Cygwin\home\User\.aws.
- To validate that, use Cygwin.
- To change the permissions, use the command
chmod 400 .aws/keypair.pem
- To connect AWS, use the command below with fully qualified path.
ssh -i ~/.aws/itversitydemo.pem
- We need to install RedHat Enterprise based packages using the command.
sudo yum -y install epel release
- Install pip and aws cli using the command.
sudo yum -y install python-pip
sudo pip install awscli --upgrade --user
- For EC2 instance, select EC2 instance –> Actions –> Instance Settings –> Attach/Replace IAM Role.
- We will get the permissions which are only associated with a policy that is mapped to a role.
- Roles will be used extensively as a part of enterprises.