Amazon Web Services Bootcamp

Creating a role

The following steps will guide you to create a role:

  1. Go to AWS IAM Management Console at https://console.aws.amazon.com/iam/home and click on Roles from the left navigation or directly go to https://console.aws.amazon.com/iam/home#/roles
  2. Under Roles, you can see a list of AWS IAM Roles created under your account (if any)
  3. Click on the Create role button:
Figure 2.4: Create new role

Here, we need to select the type of trusted entity for our role:

    • AWS service: This is used when an AWS service (such as EC2) needs to assume the role in order to perform specific actions on your behalf
    • Another AWS account: This is used when another AWS account that you own, or a third-party AWS account, needs access to resources in this account
    • Web Identity: This is used when you want to allow access to federated users who sign in through an external web identity provider or any OpenID Connect (OIDC)-compatible provider
    • SAML 2.0 federation: This is used when you want to allow access to federated users who sign in through a SAML 2.0 identity provider

For our example, we will use AWS service. Under Choose the service that will use this role, select EC2 and click on Next: Permissions.

  4. The next step is to Attach permissions policies:
Figure 2.5: Attach Policy to Role

Here, we can filter the policy to ease the selection process. We will select the AmazonS3FullAccess checkbox and click on Next: Review.

  5. The next step is to provide the role name and description, and to review the trusted entities and policies that were attached in the previous steps:
Figure 2.6: Set role name and review

Once verified, click on Create role:

Figure 2.7: Role created

Once a role is created, we can add or remove managed policies and inline policies on the newly created role as our requirements change.
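The console steps above generate a trust policy (the "assume role policy document") whose shape depends on the trusted entity you picked; the following added example, which is not code from the book, builds that document for each of the four choices, checks it for an unrestricted principal, and lists the AWS CLI calls equivalent to the EC2 walkthrough. The role name, account ID, provider ARNs and audience values passed to these functions are constructed placeholders.

```python
import json

# Added example, not the book's code: the trust policy behind each "trusted entity" choice in
# the Create role dialog, plus the CLI equivalent of the EC2 + AmazonS3FullAccess walkthrough.
# Account IDs, provider ARNs and audiences passed in are constructed placeholders.
MANAGED_POLICY_ARN = "arn:aws:iam::aws:policy/AmazonS3FullAccess"


def build_trust_policy(entity_type, **kw):
    """Return the assume-role policy document for one of the four console choices."""
    if entity_type == "aws_service":      # e.g. service="ec2.amazonaws.com"
        stmt = {"Principal": {"Service": kw["service"]}, "Action": "sts:AssumeRole"}
    elif entity_type == "aws_account":    # another account's root, optionally MFA-gated
        stmt = {"Principal": {"AWS": f"arn:aws:iam::{kw['account_id']}:root"},
                "Action": "sts:AssumeRole"}
        if kw.get("require_mfa"):
            stmt["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    elif entity_type == "web_identity":   # OIDC provider, pinned to one client id (audience)
        stmt = {"Principal": {"Federated": kw["provider_arn"]},
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {"StringEquals": {f"{kw['provider']}:aud": kw["audience"]}}}
    elif entity_type == "saml":           # SAML 2.0 IdP registered in IAM
        stmt = {"Principal": {"Federated": kw["provider_arn"]},
                "Action": "sts:AssumeRoleWithSAML",
                "Condition": {"StringEquals": {"SAML:aud": "https://signin.aws.amazon.com/saml"}}}
    else:
        raise ValueError(f"unknown trusted entity type: {entity_type}")
    return {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", **stmt}]}


def trust_policy_is_scoped(policy):
    """False if a statement lets an unrestricted principal ('*') assume the role unconditionally."""
    for stmt in policy["Statement"]:
        p = stmt.get("Principal")
        wildcard = p == "*" or (isinstance(p, dict) and "*" in p.values())
        if wildcard and "Condition" not in stmt:
            return False
    return True


def cli_commands(role_name, trust_policy, policy_arn=MANAGED_POLICY_ARN):
    """AWS CLI equivalent of the console walkthrough for an EC2 service role."""
    doc = json.dumps(trust_policy, separators=(",", ":"))
    return [
        f"aws iam create-role --role-name {role_name} --assume-role-policy-document '{doc}'",
        f"aws iam attach-role-policy --role-name {role_name} --policy-arn {policy_arn}",
        # EC2 attaches roles through an instance profile, which the console creates implicitly
        f"aws iam create-instance-profile --instance-profile-name {role_name}",
        f"aws iam add-role-to-instance-profile --instance-profile-name {role_name} --role-name {role_name}",
    ]
```

Running `cli_commands("S3AccessForEC2", build_trust_policy("aws_service", service="ec2.amazonaws.com"))` yields the four commands that reproduce what the console does when you create the EC2 role and attach AmazonS3FullAccess.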