How to Create, Attach, and Detach IAM Roles in AWS
In this Writer's Room blog, Andela Community member Chinedu Ikechi explains what IAM roles are, how they enable applications to make secure API requests, and how to create, attach, and detach IAM roles.
Imagine that you have to manage and distribute security credentials to all the instances your application runs on, including those created by you and those AWS creates on your behalf using Auto Scaling groups. I bet it'll be challenging!
IAM roles were designed to enable your applications to make secure API requests from your instances without having to manage the security credentials that the application uses.
An IAM role is similar to an IAM user, but instead of being uniquely associated with one person, it can be assumed by anyone who needs it.
IAM roles are invaluable in AWS, and in this article, we'll be looking at how to create, attach, and detach AWS IAM roles.
Creating IAM Roles for an AWS Service
There are various ways to create IAM roles in AWS. You can use the AWS Management Console, the AWS CLI, the Tools for Windows PowerShell, or the IAM API. In this tutorial, I'll only cover how to create IAM roles via the AWS Management Console.
In the navigation pane of the IAM console, choose Roles -> Create role
3. Under the Trusted entity type section, select AWS service.
4. Under Use case, select the use case for your service; here I'll be going for EC2. When you've selected your use case, click Next.
5. Select one or more permission policies to attach to your new role. There are more than 750 policies you can choose from. You can also create a new policy by clicking on the Create Policy button in the top right corner. For this tutorial, I selected IAMReadOnlyAccess. This policy provides read-only access to IAM via the AWS Management Console. After choosing a permission policy, click Next.
6. This is the last step. Here you're to provide a Role name, optionally add tags to your role, and review the details of the role you're about to create.
The role name helps you identify the purpose of the role you're creating, and it must be unique within your AWS account.
IAM tags are key-value pairs that you can add to your role. Tags can include user information, such as an email address.
After providing a role name and reviewing the role, click Create role if you're satisfied with the details. Otherwise, use the Previous button to go back and edit, or click Cancel if you'd like to start all over again.
How to Attach an IAM Role to an Instance
We're done creating our brand new IAM role, but how do we attach it to an instance?
1. In the navigation pane of the EC2 console, choose Instances.
2. Select an instance, and in the upper-right section, choose Action → Security → Modify IAM role.
3. Under the Modify IAM role section, click on the Choose IAM role dropdown and select the role you've created, after which you can click on the Update IAM role button to attach the role to your instance.
How to Detach an IAM Role
If we no longer want an IAM role to be associated with an instance, we can easily detach it from the instance.
1. Chances are you're already in the Instances Service, but if not, navigate to the Instances Service.
2. Select an instance, and in the upper-right section, choose Action → Security → Modify IAM role.
3. Click on the Choose IAM role dropdown, select No IAM role, and click on Update IAM role.
4. In the confirmation dialog box, enter Detach and click on the Detach button.
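The create, attach, and detach procedures above map to the AWS CLI calls below. This is an added example, not code from the original post; the role name and any instance ID you pass in are placeholders. It also makes explicit the instance profile, which the console creates with the same name as the role but the CLI does not.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalents of the console steps in this article.
# ROLE is a placeholder name chosen for illustration.
ROLE="${ROLE:-demo-ec2-iam-readonly}"
POLICY_ARN="arn:aws:iam::aws:policy/IAMReadOnlyAccess"

# Trust policy matching "Trusted entity type: AWS service" + "Use case: EC2":
# only the EC2 service may assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "ec2.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

create_role() {
  aws iam create-role --role-name "$ROLE" \
    --assume-role-policy-document "$(trust_policy)" &&
  aws iam attach-role-policy --role-name "$ROLE" --policy-arn "$POLICY_ARN" &&
  # EC2 attaches roles through an instance profile; create it explicitly here.
  aws iam create-instance-profile --instance-profile-name "$ROLE" &&
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$ROLE" --role-name "$ROLE"
}

attach_role() {   # usage: attach_role <instance-id>
  aws ec2 associate-iam-instance-profile --instance-id "$1" \
    --iam-instance-profile "Name=$ROLE"
}

detach_role() {   # usage: detach_role <instance-id>
  local assoc
  assoc=$(aws ec2 describe-iam-instance-profile-associations \
    --filters "Name=instance-id,Values=$1" "Name=state,Values=associated" \
    --query 'IamInstanceProfileAssociations[0].AssociationId' \
    --output text) || return 1
  # --output text prints "None" when the instance has no association.
  if [ -z "$assoc" ] || [ "$assoc" = "None" ]; then
    echo "no IAM role attached to $1" >&2
    return 1
  fi
  aws ec2 disassociate-iam-instance-profile --association-id "$assoc"
}
```

Source the file and call `create_role`, then `attach_role <instance-id>` or `detach_role <instance-id>`; detaching leaves the role and its instance profile in place for reuse.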
In this guide, we looked at what IAM roles are, and how they enable our applications to make secure API requests from instances without having to worry about the security credentials that the application uses.
We also had a step-by-step look at how to create, attach, and detach IAM roles from an instance.
I hope this is easy to understand and implement – and I hope you enjoyed it!