...

  1. Log in to the AWS console. Open the IAM console, navigate to Access Management > Roles, and click the Create role button.

  2. Select AWS service as the Trusted entity type and EC2 as the Use case, and click Next.

  3. On the Add permissions policies page, select all or the desired policies that grant your instances access to the resources, and then choose Next. A policy defines the AWS permissions you can assign to a user, group, or role. Policies can be customer-managed or AWS-managed and are created or edited in the visual editor or as JSON.

  4. Optionally, add tags as appropriate, then click Next: Tags to move to the next screen.

  5. On the Name, review, and create page, specify a Role name and description.

  6. Review the details and the role name, then click Create role.

This is an example of a customer-managed policy, min_sl_required_s3_permission, which contains the minimum actions that all AWS S3 Snaps need to access the bucket test-bucket. With this policy attached to the role, you should be able to read and write files in that bucket. Note the resource scoping: the object-level actions apply to arn:aws:s3:::test-bucket/*, s3:ListBucket applies to the bucket ARN itself, and s3:ListAllMyBuckets is an account-level action that must be granted on Resource "*". Learn more about creating customer-managed policies using the AWS Management Console, AWS CLI, or AWS API in IAM: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html?icmpid=docs_iam_console

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:GetObjectTagging",
                "s3:ListBucket",
                "s3:PutObjectTagging",
                "s3:DeleteObject",
                "s3:PutObjectAcl",
                "s3:GetObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::test-bucket/*",
                "arn:aws:s3:::test-bucket"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}
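As an added check (not part of the SnapLogic documentation), the following Python linter verifies that a single-bucket policy like the one above names the right resource scope for each S3 action and grants nothing beyond that bucket; the sample policy it inspects is constructed here and modelled on the policy above.

```python
# Actions from the page's policy, grouped by the resource scope each one needs.
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:GetObjectTagging",
                  "s3:PutObjectTagging", "s3:DeleteObject", "s3:PutObjectAcl",
                  "s3:GetObjectVersion"}       # need arn:aws:s3:::<bucket>/*
BUCKET_ACTIONS = {"s3:ListBucket"}            # needs arn:aws:s3:::<bucket>
ACCOUNT_ACTIONS = {"s3:ListAllMyBuckets"}     # only valid with Resource "*"

# Constructed sample modelled on the page's min_sl_required_s3_permission policy.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"],
         "Resource": ["arn:aws:s3:::test-bucket/*", "arn:aws:s3:::test-bucket"]},
        {"Sid": "VisualEditor1", "Effect": "Allow",
         "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    ],
}

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def check_s3_policy(policy, bucket):
    """Return findings for a policy meant to be scoped to one bucket; [] means OK."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = bucket_arn + "/*"
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue                      # Deny statements only narrow access
        sid = stmt.get("Sid", "?")
        actions = set(_as_list(stmt["Action"]))
        resources = set(_as_list(stmt["Resource"]))
        if actions & {"s3:*", "*"}:
            findings.append(f"{sid}: wildcard action grants more than the Snaps need")
        if actions & OBJECT_ACTIONS and object_arn not in resources:
            findings.append(f"{sid}: object actions need {object_arn}")
        if actions & BUCKET_ACTIONS and bucket_arn not in resources:
            findings.append(f"{sid}: s3:ListBucket needs {bucket_arn}")
        if actions & ACCOUNT_ACTIONS and resources != {"*"}:
            findings.append(f'{sid}: s3:ListAllMyBuckets must use Resource "*"')
        for res in resources:
            if res == "*" and not actions <= ACCOUNT_ACTIONS:
                findings.append(f'{sid}: Resource "*" exposes every bucket')
            elif res != "*" and res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"{sid}: resource {res} is outside {bucket}")
    return findings
```

A policy whose object ARN lost its trailing `/*` (a common copy error) is reported as missing the object scope, which is why the S3 Snaps fail with AccessDenied on reads and writes.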

...

  1. Navigate to the EC2 web console, and select Instances. Choose the required instance.

  2. From the Actions dropdown menu, select Security > Modify IAM role.

  3. Select the IAM role created and click Update IAM role. You also have the option to create a new IAM role from the EC2 web console.

Cross-Account IAM Role

A Cross-Account IAM Role lets a client in one AWS account temporarily access the resources of another AWS account through the Binary Snaps that support reading from or writing to S3 buckets. This lets organizations, or different teams within an organization, access each other's AWS accounts without compromising security by sharing AWS credentials. Learn more about configuring the Cross-Account role: Configuring Cross Account IAM Role Support

...