In this Writer’s Room blog, Andela Community member Chinedu Ikechi explains what IAM roles are, how they enable applications to make secure API requests, and how to create, attach, and detach IAM roles.
Imagine that you have to manage and distribute security credentials to all the instances your application runs on, including those created by you and those AWS creates on your behalf using Auto Scaling groups. I bet it’ll be challenging!
IAM roles were designed to enable your applications to make secure API requests from your instances without having to manage the security credentials that the application uses.
An IAM role is similar to an IAM user, but instead of being uniquely associated with one person, it can be assumed by anyone who needs it.
IAM roles are invaluable in AWS, and in this article, we’ll be looking at how to create, attach, and detach AWS IAM roles.
Creating IAM Roles for an AWS Service
There are various ways to create IAM roles in AWS. You can use the AWS Management Console, the AWS CLI, the Tools for Windows PowerShell, or the IAM API. In this tutorial, I’ll only cover how to create IAM roles via the AWS Management Console.
Steps:
1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
2. In the navigation pane of the IAM console, choose Roles → Create role.
3. Under the Trusted entity type section, select AWS service.
4. Under Use case, select the use case for your service. Here I’ll be going for EC2. When you’ve selected your use case, click Next.
5. Select one or more permission policies to attach to your new role. There are more than 750 policies you can choose from. You can also create a new policy by clicking on the Create Policy button in the top right corner. For this tutorial, I selected IAMReadOnlyAccess. This policy provides read-only access to IAM via the AWS Management Console. After choosing a permission policy, click Next.
6. This is the last step. Here you provide a Role name, optionally add tags to your role, and review the details of the role you’re about to create.
The role name helps you identify the purpose of the role you’re creating, and it must be unique within your AWS account.
IAM tags are key-value pairs that you can add to your role. Tags can include user information, such as an email address.
After providing a role name and reviewing the role, click on Create role to create the new role if you’re satisfied with the details you’ve provided. Otherwise, you can use the Previous button to go back and edit. You can also click on Cancel if you’d like to start all over again.
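The choices in steps 3 and 4 (trusted entity type AWS service, use case EC2) are stored on the role as a trust policy, which is what decides who may assume it. The following is an added example, not code from the original post: it builds that trust policy document and audits a trust policy for any principal other than the EC2 service. The function names, the finding messages and the sample account ID are constructed for illustration.

```python
import json

EC2_SERVICE = "ec2.amazonaws.com"


def ec2_trust_policy():
    """Trust policy for a role whose trusted entity is the EC2 service."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": EC2_SERVICE},
            "Action": "sts:AssumeRole",
        }],
    }


def _as_list(value):
    # IAM accepts either a single value or a list in these fields.
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy):
    """Return findings for Allow statements that let anything but EC2 assume the role."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append(f"statement {i}: any principal may assume the role")
            continue
        if principal is None:
            # Covers statements written with NotPrincipal or with no principal at all.
            findings.append(f"statement {i}: no Principal element")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if value == "*":
                    findings.append(f"statement {i}: wildcard {kind} principal")
                elif kind != "Service" or value != EC2_SERVICE:
                    findings.append(f"statement {i}: extra principal {kind}={value}")
    return findings


if __name__ == "__main__":
    print(json.dumps(ec2_trust_policy(), indent=2))
    sample = ec2_trust_policy()  # constructed sample with an extra account principal
    sample["Statement"][0]["Principal"]["AWS"] = "arn:aws:iam::111122223333:root"
    print(audit_trust_policy(sample))
```

An empty findings list means only EC2 instances can obtain credentials for the role; anything else deserves a review before the role is attached to an instance.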
How to Attach an IAM Role to an Instance
We’re done creating our brand new IAM role, but how do we attach it to an instance?
Steps:
1. In the navigation pane of the EC2 console, choose Instances.
2. Select an instance, and in the upper-right section, choose Action → Security → Modify IAM role.
3. Under the Modify IAM role section, click on the Choose IAM role dropdown and select the role you’ve created, after which you can click on the Update IAM role button to attach the role to your instance.
How to Detach an IAM Role
If we no longer want an IAM role to be associated with an instance, we can easily detach it from the instance.
Steps:
1. Chances are you’re already in the Instances Service, but if not, navigate to the Instances Service.
2. Select an instance, and in the upper-right section, choose Action → Security → Modify IAM role.
3. Click on the Choose IAM role dropdown, select No IAM role and click on Update IAM role.
4. In the confirmation dialog box, enter Detach and click on the Detach button.
In this guide, we looked at what IAM roles are, and how they enable our applications to make secure API requests from instances without having to worry about the security credentials that the application uses.
We also had a step-by-step look at how to create, attach, and detach IAM roles from an instance.
I hope this is easy to understand and implement – and I hope you enjoyed it!