An IAM role is also an AWS identity with permissions assigned to it. The unique benefit of an IAM role is that it can be assigned to a person or to an AWS service. For example, if we want to give an EC2 instance access to Amazon S3, we can do so by assigning a role to the AWS service.
Another important point is that access keys or credentials are not associated with roles. Instead, the access key is created dynamically when the role is used.
Click on Roles in the left sidebar of the AWS IAM Dashboard. In our case, there is one pre-existing role, which we created for accessing S3.
Click on the s3-ec2-vpc role which we already created. On the Permissions tab, verify that the AmazonS3FullAccess policy is assigned to this role.
Click on Show Policy to see the policy in the JSON policy language.
Now, let's try to create a role. Click on the Create Role button and provide a suitable role name.
Attach policies to the role. In our case, let's say we want to provide full EC2 and S3 access to all users, groups, or services associated with this role.
Review and click on Create Role.
Verify that the newly created role is now available on the IAM Dashboard.
Verify the attached policies in the Permissions section of this role.
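The JSON displayed by Show Policy can also be checked offline when verifying a role's permissions. The following is an added example, not part of the original post: it flags Allow statements that grant an entire service on every resource, which is what the full S3 and EC2 access attached above amounts to. Both policy documents are constructed samples, and example-bucket is a hypothetical name.

```python
import json

# Constructed sample modeled on full-access policies as shown by "Show Policy";
# it is not copied from the AWS console.
FULL_ACCESS = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"}
  ]
}
""")

# Constructed sample: read-only access to one hypothetical bucket.
SCOPED = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
  }
}
""")


def as_list(value):
    """IAM JSON allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else ([] if value is None else [value])


def broad_grants(policy):
    """Return (action, resource) pairs where an Allow statement uses a
    service-wide or global action wildcard on every resource."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not widen access
        if "*" not in as_list(stmt.get("Resource")):
            continue  # resource list is scoped to specific ARNs
        for action in as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append((action, "*"))
    return findings


if __name__ == "__main__":
    print(broad_grants(FULL_ACCESS), broad_grants(SCOPED))
```

Every user, group, or service that can use the role inherits each grant the function reports, so an empty result is the outcome to aim for when a role only needs a specific bucket or action set.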