In this Writer’s Room blog, Andela Community member Chinedu Ikechi explains what IAM roles are, how they enable applications to make secure API requests, and how to create, attach, and detach IAM roles.
Imagine that you have to manage and distribute security credentials to all the instances your application runs on, including those created by you and those AWS creates on your behalf using Auto Scaling groups. I bet it’ll be challenging!
IAM roles were designed to enable your applications to make secure API requests from your instances without having to manage the security credentials that the application uses.
An IAM role is similar to an IAM user, but instead of being uniquely associated with one person, it can be assumed by anyone who needs it.
IAM roles are invaluable in AWS, and in this article, we’ll be looking at how to create, attach, and detach AWS IAM roles.
Creating IAM Roles for an AWS Service
There are various ways to create IAM roles in AWS. You can use the AWS Management Console, the AWS CLI, the Tools for Windows PowerShell, or the IAM API. In this tutorial, I’ll only cover how to create IAM roles via the AWS Management Console.
1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
2. In the navigation pane of the IAM console, choose Roles, and then choose Create role.
3. In the Trusted entity type section, select AWS service.
4. Under Use case, select the use case for your service; here I’ll be going for EC2. When you’ve selected your use case, click Next.
5. Select one or more permission policies to attach to your new role. There are more than 750 policies you can choose from. You can also create a new policy by clicking the Create policy button in the top right corner. For this tutorial, I selected IAMReadOnlyAccess. This policy provides read-only access to IAM via the AWS Management Console. After choosing a permission policy, click Next.
6. This is the last step. Here you provide a Role name, optionally add tags to your role, and review the details of the role you’re about to create.
   - The Role name helps you identify the purpose of the role you’re creating, and it must be unique within your AWS account.
   - IAM tags are key-value pairs that you can add to your role. Tags can include user information, such as an email address.
   After providing a role name and reviewing the role, if you’re satisfied with the details you’ve provided, click Create role to create the new role. Otherwise, use the Previous button to go back and edit, or click Cancel if you’d like to start all over again.
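Steps 3 and 4 above produce a trust policy that lets only the EC2 service assume the role. The following example, added here and not part of the original post, reproduces that trust policy and adds a small review check that flags the mistakes worth catching before a role is attached to an instance: wildcard principals, unexpected trusted services, and actions beyond sts:AssumeRole. The BROAD_TRUST_POLICY document is a constructed bad example, not something the post describes.

```python
# Trust policy the IAM console generates for the "AWS service / EC2" use case
# chosen in steps 3 and 4: only the EC2 service may assume the role.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Constructed (not from the post) trust policy that should fail review:
# it trusts every AWS account, a second service, and an extra STS action.
BROAD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*", "Service": ["ec2.amazonaws.com", "lambda.amazonaws.com"]},
        "Action": ["sts:AssumeRole", "sts:TagSession"],
    }],
}


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy, expected_service="ec2.amazonaws.com"):
    """Return review findings for a role trust policy (empty list means clean)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen who may assume the role
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal: anyone can assume this role")
            principal = {}
        if "*" in _as_list(principal.get("AWS", [])):
            findings.append("wildcard AWS principal: any AWS account can assume this role")
        for svc in _as_list(principal.get("Service", [])):
            if svc != expected_service:
                findings.append(f"unexpected trusted service: {svc}")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "sts:assumerole":
                findings.append(f"action beyond sts:AssumeRole: {action}")
    return findings
```

Run check_trust_policy on the JSON you see under the role's Trust relationships tab; the console-generated EC2 policy returns no findings.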
How to Attach an IAM Role to an Instance
We’re done creating our brand new IAM role, but how do we attach it to an instance?
1. In the navigation pane of the EC2 console, choose Instances.
2. Select an instance, and in the upper-right section, choose Modify IAM role.
3. Under the Modify IAM role section, click the Choose IAM role dropdown and select the role you’ve created, then click the Update IAM role button to attach the role to your instance.
How to Detach an IAM Role
If we no longer want an IAM role to be associated with an instance, we can easily detach it from the instance.
1. Chances are you’re already in the Instances service, but if not, navigate to the Instances service.
2. Select an instance, and in the upper-right section, choose Modify IAM role.
3. Click the Choose IAM role dropdown, select No IAM role, and click Update IAM role.
4. In the confirmation dialog box, enter Detach and click the Detach button.
In this guide, we looked at what IAM roles are, and how they enable our applications to make secure API requests from instances without having to worry about the security credentials that the application uses.
We also had a step-by-step look at how to create, attach, and detach IAM roles from an instance.
I hope this is easy to understand and implement – and I hope you enjoyed it!