IAM Roles: The Secure Way for Services to Communicate
Hey Cloud Architects!
Welcome to Day 20 of the #100DaysOfCloud Challenge: Create IAM Role! We are reaching a major milestone in Identity and Access Management with KodeKloud Engineer.
Today, we aren't creating an identity for a person. Instead, we are creating an identity for a Service. If your EC2 instance needs to upload logs to S3 or read data from a database, you don't give the server a username and password. You give it a Role.
Our mission: Create an IAM role named iamrole_mariyam that an EC2 instance can assume, and attach the policy iampolicy_mariyam.
1. Introduction: What is an IAM Role?
An IAM Role is an identity you can create in your account that has specific permissions. It is similar to an IAM user, but it is not uniquely associated with one person.
- Trust Policy: This defines who can "put on the mask" (assume the role). In our case, it's the EC2 service.
- Permissions Policy: This defines what the service can do once it has the mask on.
- Why it Matters: Roles use temporary security credentials. This means there are no long-term access keys to steal, making your architecture significantly more secure.
2. Step-by-Step Guide: Creating iamrole_mariyam
We will use the IAM Role creation wizard to set this up.
Step 2.1: Navigate to Roles
- Log in to the AWS Console.
- Search for IAM and open the dashboard.
- In the left sidebar, click on "Roles".
Step 2.2: Select Trusted Entity
- Click the orange "Create role" button.
- Trusted entity type: Select AWS service.
- Service or use case: From the dropdown or the radio buttons, select EC2.
- Select the EC2 use case again if prompted.
- Click "Next".
Step 2.3: Add Permissions
- In the Permissions policies search box, type iampolicy_mariyam. Check the box next to the policy name.
- Click "Next".
Step 2.4: Name, Review, and Create
- Role name: Enter iamrole_mariyam.
- Description: (Optional) "Role for EC2 instances to access resources."
- Review the Trust Policy (it should list ec2.amazonaws.com as the principal).
- Click "Create role".
Success! iamrole_mariyam is now ready to be attached to an EC2 Instance Profile.
3. Key Takeaways
- Service-to-Service: Roles are the standard way to grant permissions to AWS resources.
- Temporary Credentials: AWS handles the rotation of security tokens automatically.
- No Users Needed: You don't need to create a "user" for your application to run; use a role instead.
4. Common Mistakes to Avoid
- Confusing Roles with Users: Remember, roles don't have passwords. You can't "log in" as a role in the console.
- Broad Trust Policies: Ensure only the specific services that need the role are listed.
- Forgetting the Instance Profile: You still have to "attach" it to your EC2 instance.
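The console wizard from Steps 2.1 to 2.4 and the trust-policy review from the list above, expressed as an added Python example with boto3. This is not code from the original post or from KodeKloud; the names iamrole_mariyam, iampolicy_mariyam and ec2.amazonaws.com come from the post, while the function names, the assumption that iampolicy_mariyam is a customer-managed policy in the same account, and the constructed "broad" sample policy are the example's own.

```python
"""Added example, not code from the original post or from KodeKloud:
the console wizard of Steps 2.1-2.4 done with boto3, with a check on the
trust policy before anything is created.

Assumptions (not stated on the page): iampolicy_mariyam is a customer-managed
policy in the same account, and the credentials running this have IAM rights.
Run with no arguments to lint the sample policies offline; pass --apply to
create the real role.
"""
import json
import sys


# What the wizard generates for "AWS service" -> "EC2": only the EC2 service
# principal is allowed to call sts:AssumeRole on this role.
def ec2_trust_policy():
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def customer_policy_arn(account_id, policy_name):
    """ARN of a customer-managed policy; the account id is looked up at runtime."""
    return f"arn:aws:iam::{account_id}:policy/{policy_name}"


def trust_policy_findings(policy, expected_services=("ec2.amazonaws.com",)):
    """Return the ways a trust policy is broader than the EC2 template.

    An empty list means only the expected service principal(s) may assume the
    role, and only via sts:AssumeRole ("Broad Trust Policies" in the post).
    """
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written bare
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append(f"statement {i}: principal is a wildcard")
            continue
        if not isinstance(principal, dict):
            findings.append(f"statement {i}: malformed principal {principal!r}")
            continue
        for kind, values in principal.items():
            for value in [values] if isinstance(values, str) else values:
                if kind != "Service":
                    findings.append(f"statement {i}: non-service principal {kind}={value}")
                elif value not in expected_services:
                    findings.append(f"statement {i}: unexpected service principal {value}")
        actions = stmt.get("Action", [])
        for action in [actions] if isinstance(actions, str) else actions:
            if action in ("*", "sts:*"):
                findings.append(f"statement {i}: action {action} is broader than sts:AssumeRole")
    return findings


def create_ec2_role(iam, role_name, policy_arn, description=None):
    """Steps 2.2-2.4 through the API: create the role, attach the permissions
    policy, and build the instance profile the console would have made for us."""
    trust = ec2_trust_policy()
    problems = trust_policy_findings(trust)
    if problems:
        raise ValueError("refusing to create role: " + "; ".join(problems))
    kwargs = {"RoleName": role_name, "AssumeRolePolicyDocument": json.dumps(trust)}
    if description:
        kwargs["Description"] = description
    iam.create_role(**kwargs)
    iam.attach_role_policy(RoleName=role_name, PolicyArn=policy_arn)
    # The console's EC2 use case creates an instance profile with the same name
    # automatically; the API does not, which is the "Forgetting the Instance
    # Profile" mistake. The profile is what actually gets attached to the instance.
    iam.create_instance_profile(InstanceProfileName=role_name)
    iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
    return role_name


# Constructed sample of the mistake the post warns about: anyone can assume it.
BROAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}],
}

if __name__ == "__main__":
    for name, doc in (("ec2 template", ec2_trust_policy()), ("broad sample", BROAD_TRUST_POLICY)):
        print(name, "->", trust_policy_findings(doc) or "ok")
    if "--apply" in sys.argv:
        import boto3  # imported here so the offline checks need no AWS SDK installed
        account_id = boto3.client("sts").get_caller_identity()["Account"]
        create_ec2_role(boto3.client("iam"), "iamrole_mariyam",
                        customer_policy_arn(account_id, "iampolicy_mariyam"),
                        "Role for EC2 instances to access resources.")
```

Without --apply the script only lints the two embedded policies, so it can be run anywhere; with --apply it performs the same four calls the wizard makes and refuses to proceed if the trust document it is about to submit is broader than the EC2 template.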
5. Conclusion + Call to Action!
You've just implemented one of the most important security best practices in the cloud! By using IAM Roles, the Nautilus team can build applications that talk to each other securely without the headache of managing static keys.
- Let's connect on LinkedIn: Hritik Raj
- Support my journey on GitHub: GitHub - 100 Days of Cloud