Friday, 26 May 2023

IAM in AWS

 

 How to Create IAM roles for Amazon EC2?



In this article, we will cover how we can easily create an IAM role and can use it with an EC2 instance easily, and provide the required permissions with the S3 policies. These IAM Roles are the identities that we are creating in our account so that we can provide specific permissions to the users. So these Roles provide us the temporary credentials of security for our session.

Use of Roles:

Consider the Scenario in which we want to grant access to our account to third parties which can perform operations such as audits of our resources or consider another scenario in which we want to access users who have identities prior outside the Aws like in our corporate Directory.

So we can use the roles for access to users’ services or applications that don’t have access to AWS resources.

How To Use Roles:

The followings are the methods for using Roles:

  1. AWS Management Console 
  2. Assume-Role CLI
  3. Assume-role-with-web-identity
  4. Console URL Construct with AssumeRoleWithSAML

Steps to Create an IAM role for the EC2 Instance:

Step 1. First, we need to go to the IAM table Dashboard, and then we will go to the roles option and click on create roles.

IAM Roles dashboard

 

Step 2. Next under trusted entity type we will select AWS services and under Use case, we will select EC2 and click on next:

Roles dashboard

 

Step 3. Next under permission policies, we will search for S3 policies and will select S3readonly policy, and click on next.

Adding Permissions

 

Step 4. Next we will give our role a name and review all the changes and will click on next.

Adding Rolename and its details

 

Now we need to add Permission 

adding policy name to provide readaccess

 

Step 5. Now our IAM roles are created and if we click on the role that we just created we will be welcomed to this screen. Here we can see the details of our role. We can see that our myS3Role has been created

Details of AccessRole

 

Step 6. Next, we will go to the EC2 dashboard and create an EC2 instance:

Selecting EC2 dashboard

 

We need to create a new instance 

EC2

 

 

Step 7. While creating the EC2 instance under configure instance we will select the IAM role that we just created and we will proceed with our EC2 instance creation:

Note: we have to select IAM role we created earlier inside Iam role tab
select IAM role we created earlier

 

while creating EC2 in Add storage add 8 GB(GIB) and volume type General purpose SSD

Storage selection

 

During launching the instance download the key pair RSA file and launch the instance

Review your instance

 

 

Step 8. Next, we will connect to the EC2 instance that we just created

Secure Shell also known as SSH is a cryptographic network protocol that helps secure network services over an unsecured network.  It securely helps users to log in to a server with SSH than using a password alone. SSH keys are nearly impossible to decipher by brute force alone unlike passwords

Connect EC2 instance

 

 

Step 9. Now we will use the command “aws s3 ls” which will then let us see all the S3 buckets we created because we have set the policies of the IAM role to S3readonly through this we can just read our S3 buckets:

 

Step 10. Now in order to avoid any charges we will delete our ec2 instance and our s3 bucket.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)