How to Create, Attach, and Detach IAM Roles in AWS

how to create, attach, and detach iam roles in aws

In this Writer's Room blog, Andela Community member Chinedu Ikechi explains what IAM roles are, how they enable applications to make secure API requests, and how to create, attach, and detach IAM roles .

Imagine that you have to manage and distribute security credentials to all the instances your application runs on, including those created by you and those AWS creates on your behalf using Auto Scaling groups. I bet it'll be challenging!

IAM roles was designed to enable your applications to make secure API requests from your instances without having to manage the security credentials that the application uses.

An IAM role is similar to an IAM user, but instead of being uniquely associated with a one person, it can be assumed by anyone who needs it.

IAM roles are invaluable in AWS, and in this article, we'll be looking at how to create, attach, and detach AWS IAM roles.

Creating IAM Roles for an AWS Service

There are various ways to create IAM roles in AWS. You can use the AWS Management Console, the AWS CLI, the Tool for Windows PowerShell, or the IAM api. In this tutorial, I'll only cover how to create IAM roles via the AWS Management Console.


  1. Sign in to the AWS Management Console and open the IAM console at
  2. In the navigation pane of the IAM console, choose Roles -> Create role
identity and access management iam interface

3. Under Trusted entity type section, select AWS service.

4. Under Use case, select the use case for your service, and here I'll be going for EC2. When you've selected your use case, click Next.

select trusted entity interface

5. Select one or more permission policies to attach to your new role. There are more than 750 roles you can choose from. You can also create a new policy by clicking on the Create Policy button on the top right corner. For this tutorial, I selected IAMReadOnlyAccess. This policy provides read-only access to IAM via the AWS management console. After choosing a permission policy, click next.

add permission interface

6. This is the last step. Here you're to provide a Role name, optionally add tags to your role, and review the details of the role you're about to create.

Role name helps you identify the purpose of the role you're creating, and it must be unique within your AWS account.

name review and create interface

IAM tags are key-value pairs that you can add to your role. Tags can include user information, such as an email address.

add tags interface

After providing a role name and reviewing the role, and if you're satisfied with the details you've provided, click on create role to create the new role, else you can use the previous button to go back and edit. You can also click on cancel if you'd like to start all over again.

How to Attach an IAM Role to an Instance

We're done creating our brand new IAM role, but how the we attach them to an instance?


  1. In the navigation pane of the EC2 console, choose Instances.
resources interface

2. Select an instance, and in the upper-right section, choose Action ‚Üí Security ‚Üí Modify IAM role.

instances dashboard

3. Under the Modify IAM role section, click on the Choose IAM role dropdown and select the role you've created, after which you can click on the Update IAM role button to attach the role to your instance.

modify iam role interface

How to Detach an IAM Role

If we no longer want an IAM role to be associated with an instance, we can easily detach it from the instance.


  1. Chances are you're already in the Instances Service, but if not, navigate to the Instances Service.
resources launch instances service health interface

Select an instance, and in the upper-right section, choose Action ‚Üí Security ‚Üí Modify IAM role.

instances interface

3. Click on the Choose IAM role dropdown, select No IAM role and click on Update IAM role.

Select No IAM Role

4. In the confirmation dialog box, enter Detach and click on the Detachbutton.

Detach IAM role

In this guide, we looked at what IAM roles are, and how they enable our applications to make secure API requests from instances without having to worry about the security credentials that the application uses.

We also had a step-by-step look at how to create, attach, and detach IAM roles from an instance.

I hope this is easy to understand and implement – and I hope you enjoyed it!

Want to be part of a vibrant tech community?

Then join the Andela Talent Network!

Find Work

If you found this blog useful, check out our other blog posts for more essential insights!

Related posts

The latest articles from Andela.

Visit our blog

The benefits and challenges of hiring a remote IT team

Not only are IT hires critical to business success, they’re also the most in-demand, making finding the right fit a top priority — and a big challenge. Learn how to efficiently access skilled and diverse talent.

Writer's Room: 5 tips for technical writing

Are you a technologist craving to share your work with the world? Then turn your technical project into a blog with our 5 top tips for technical writing.

Asynchronous and synchronous communication in the remote workplace

While synchronous collaboration was the preferred method for many global organizations, remote work has increased the popularity of asynchronous communication. But which is more beneficial, both to employees, and to business?

We have a 96%+
talent match success rate.

The Andela Talent Operating Platform provides transparency to talent profiles and assessment before hiring. AI-driven algorithms match the right talent for the job.