DEV Community

Jayant

AWS Roles & Elastic IP

AWS Roles

What

A role is a set of permissions that is attached to an AWS resource.

You can attach multiple roles to a single AWS resource.

Why

The normal way to give permissions to AWS resources is to create an IAM user and attach policies to it, but this also exposes our credentials.
The credentials are stored on that EC2 instance and can be accessed.
They are also long-lived, and we can't rotate them.

So we create an IAM role and attach policies to it.

Think of a role as clothes and a resource as the user.
The user can wear the clothes and easily remove them.

How

  1. Create IAM Role
  2. Attach policies to the role
  3. Attach the role to any AWS resource.

For example: you want your EC2 instance to be able to access your S3 bucket.
Create an IAM role - S3-Ec2Access
Attach the policy AmazonS3FullAccess to the role.
Attach the role to the EC2 instance under security.

In the same way, you can create IAM roles for other AWS resources.
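
The three steps above for the S3-Ec2Access case, written as AWS CLI calls. This is an added example, not code from the original post; the `DRY_RUN` switch, the function names and the instance ID are assumptions made for illustration.

```shell
#!/bin/sh
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 executes them.
DRY_RUN="${DRY_RUN:-1}"

# Trust policy: allows the EC2 service to assume the role for the instance.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "ec2.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Print the command in dry-run mode, otherwise run it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Usage: attach_s3_role ROLE_NAME INSTANCE_ID
attach_s3_role() {
  role="$1"; instance="$2"
  [ -n "$role" ] && [ -n "$instance" ] || {
    echo "usage: attach_s3_role ROLE_NAME INSTANCE_ID" >&2; return 2; }

  # 1. Create the role; the trust policy says who may wear it.
  run aws iam create-role --role-name "$role" \
    --assume-role-policy-document "$(trust_policy)"
  # 2. Attach the policy named in the post. It allows every S3 action on
  #    every bucket; a policy scoped to one bucket is the tighter choice.
  run aws iam attach-role-policy --role-name "$role" \
    --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
  # 3. EC2 receives a role through an instance profile that wraps it.
  run aws iam create-instance-profile --instance-profile-name "$role"
  run aws iam add-role-to-instance-profile \
    --instance-profile-name "$role" --role-name "$role"
  run aws ec2 associate-iam-instance-profile --instance-id "$instance" \
    --iam-instance-profile "Name=$role"
}

# Constructed sample instance ID; replace it with your own.
attach_s3_role S3-Ec2Access i-0123456789abcdef0
```

Once the profile is associated, the AWS CLI and SDKs on the instance pick up short-lived credentials for the role automatically, so no access keys are stored on disk.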

Some use cases are:
1) Lambda → Write logs to CloudWatch and push to SQS
2) Developers, apps, or scripts need temporary credentials with limited access
3) CI/CD tools like GitHub Actions, CodeBuild, GitLab CI, Jenkins, etc., assume IAM roles to deploy infrastructure or applications.
4) Give external SaaS services secure access to your AWS account (e.g., monitoring, cost tracking, backups)
5) Cross-account access: allowing users, roles, or services in one AWS account (Account A) to securely access resources in another AWS account (Account B).

AWS Elastic IP

An Elastic IP is a static public IPv4 address (a 32-bit number) that we can attach to an EC2 instance. It helps maintain a consistent IP address even if our EC2 instance restarts or changes.

When we create an EC2 instance, we get a dynamic IP address that will change if we stop and start the instance.
But we want to maintain a consistent IP Address so we use Elastic IP.

Elastic IP is attached to the EC2 instance.

It is free until it is attached to some EC2 instance.

If you are using a load balancer service, then you don't need to attach an Elastic IP to the EC2 instance, because the load balancer manages the IP internally.
