Configure an IAM Role in a DynamoDB Account

Overview

To configure an Identity and Access Management (IAM) role in the EC2 instance, you need to access the IAM role. Using the IAM role, you can delegate the required permissions as follows:

  • Create an IAM role in the AWS.

  • Define the account that can assume the role.

  • Specify the role when you launch your instance or attach the role to an existing instance.

Key Components

The four critical components involved with the configuration of the EC2 instance for the IAM role in the DynamoDB Account are:

  • IAM Role

  • EC2 Instance

  • DynamoDB Account

  • Policies

Prerequisites

  • None.

Create an IAM Role in the AWS

  1. Log in to the AWS console. Open the IAM console, navigate to Access Management > Roles, and click the Create role button.

  2. Select the AWS service as the Trusted entity type, and EC2 as the Use case, and click Next.

  3. In Add permissions policies page, select all or required policies that grant your instances access to the resources and then choose Next. For more information about DynamoDB permissions, refer to DynamoDB Account.
    A policy defines the AWS permissions you can assign to a user, group, or role. The permissions can be Custom-managed or AWS-managed and are created or edited in the visual editor or using JSON.

  4. Add tags for resources because this is optional. Then choose Next. Specify a Role name and description in Name review and create page.

  5. Review the details and click Create role.

Attach IAM Role to an Instance

To attach an IAM role to an instance which is either in a stopped or running state:

  1. Navigate to the EC2 web console, and select Instances. Choose the required instance.

  2. From the Actions dropdown menu select Security > Modify IAM role.

  3. Select the IAM role created and click Update IAM role. You also have the option to create a new IAM role from the EC2 web console.

Modify or Create Policies Associated with the Role

  1. In your AWS console, click Policies and select the policy attached to the role from the list in the table.

  2. Click the JSON tab, specify the policy details in the JSON editor, and click Review Policy.

  3. Review the policy summary. Add a name and, optionally, a description for this policy, and select Create policy.

    {     "Version": "2012-10-17",     "Statement": [         {             "Effect": "Allow",             "Action": "dynamodb",             "Resource": "*"         }     ] }

     

The role's Amazon Resource Name (ARN) must be specified to associate the role with the policy for the Cross-account IAM role.

For information on creating a DynamoDB Account and more account-specific troubleshooting details, refer to DynamoDB Account. Learn more about account scenarios in DynamoDB Account.


Related Content

Â