Day 49: Identity & Access Management

How to create roles and use them?

What is IAM?

AWS IAM (Identity and Access Management) is a web service provided by Amazon that helps you securely control access to AWS resources. IAM controls who is authenticated (allowed to sign in) and who is authorized (has permission) to use the resources provisioned in AWS.

IAM Roles

In AWS, an IAM role is an IAM identity with specific permissions attached to it when it is created. Those permissions define which AWS service requests the role is allowed to make.

How to create Roles?

Step 1: To create an IAM role via the AWS console, first log in to your AWS account and select IAM, which is listed under Security, Identity, and Compliance.

Step 2: In the IAM section, click on “Roles” and then click on “Create role”.

Step 3: Select the AWS service for which you want to create the role. For example, you can create a role for EC2 through which EC2 instances will be able to access S3 buckets. After selecting the AWS service, click on “Next”.

Step 4: In this step, you select the type of access you want to grant to the selected service, in our case EC2. You can grant different levels of access, such as full access, read-only access, or read and write access. In the picture below we are granting "AdministratorAccess" to EC2.

Then click on “Next”.

In the step above you also have the option “Create policy”, through which you can create policies tailored to your requirements instead of selecting existing ones.

You can build your own policy with the visual editor, selecting the access level of the policy and the request conditions, as shown in the picture below.

You can also write the policy for your role as a JSON policy document, as shown below. After writing the JSON document, click “Next”.
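As an added example (not code from the original post), here are the two JSON documents that sit behind such a role: the trust policy that lets EC2 assume it (Step 3) and a permissions policy scoped to reading a single bucket, which is the least-privilege alternative to the AdministratorAccess choice in Step 4. A small check then flags Allow statements with wildcard actions or resources. The bucket name is a constructed placeholder.

```python
"""Build and sanity-check the policy documents behind an EC2 -> S3 IAM role."""
import json

BUCKET = "example-app-assets"  # constructed placeholder, not a real bucket


def ec2_trust_policy() -> dict:
    """Trust policy: allows the EC2 service principal to assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def s3_read_policy(bucket: str) -> dict:
    """Permissions policy: list one bucket and read its objects, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


# Shape of the AWS-managed AdministratorAccess policy: every action on everything.
ADMINISTRATOR_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def overly_broad(policy: dict) -> list[str]:
    """Return one finding per Allow statement that uses a wildcard action or resource."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        resources = st.get("Resource", [])
        actions = actions if isinstance(actions, list) else [actions]
        resources = resources if isinstance(resources, list) else [resources]
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action {actions}")
        if "*" in resources:
            findings.append(f"statement {i}: wildcard resource")
    return findings


if __name__ == "__main__":
    print(json.dumps(ec2_trust_policy(), indent=2))
    print(json.dumps(s3_read_policy(BUCKET), indent=2))
    print("AdministratorAccess:", overly_broad(ADMINISTRATOR_ACCESS))
    print("Scoped S3 policy:", overly_broad(s3_read_policy(BUCKET)))
```

Paste the output of `s3_read_policy` into the JSON tab of the policy editor in place of AdministratorAccess; the trust policy is what the console generates for you when you pick EC2 as the service in Step 3.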

Step 5: In this step you reach the review section of the role, where you provide the role name and its description. You can also review the policies you have attached and the tags you have created.

After reviewing your role, click on “Create role”, and you have successfully created your first role.

How to use Roles?

IAM roles can be used by AWS services such as EC2, by applications, and by IAM users to access AWS. You can use IAM roles to grant access to IAM users managed within your account or to IAM users in a different AWS account. IAM roles let you define permissions for trusted entities and delegate access without having to share long-term access keys.

Step 1: Create an IAM role for the EC2 instance. To create the role, follow the steps discussed in the previous section.

Step 2: Create an EC2 Instance by going to the EC2 Dashboard and clicking on Launch Instance.

Enter the name.

Select the operating system of your choice (in this case, Amazon Linux).

Step 3: Select a key pair or create one, and save it on your local system (it is downloaded in .pem format).

Step 4: In the “Advanced details” section, select the IAM instance profile as shown in the picture below. Keep everything else at its default.

Once everything is in place, you can go ahead and launch the instance.

You have successfully created a server with the defined role attached.

Conclusion

IAM roles play a vital part in AWS security. They let us secure our applications easily and seamlessly, and they help us avoid dependencies by letting us create different roles for different requirements.

Hope you like my post. Don't forget to like, comment, and share.