AWS Identity and Access Management (IAM) is a web service that helps to securely control user access to AWS resources through authentication and authorization. For more information on IAM, refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-iam.html.

Where to start?


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeAddresses",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeRegions",
                "ec2:ModifyInstanceAttribute",
                "ec2:DescribeInstanceStatus",
                "ec2:DescribeSubnets",
                "s3:Get*",
                "s3:List*",
                "events:PutRule",
                "cloudwatch:PutMetricData"
            ],
            "Resource": "*"
        }
    ]
}

To create a Policy and associate it to a Role for the SBC, complete the following steps:

  1. Navigate to the IAM Dashboard: https://console.aws.amazon.com/iam/home
  2. Select Policies from the left panel.
    The Policies page displays.
  3. Click Create Policy.
    The Create Policies page displays.
  4. Click on the JSON tab.
    The JSON editor panel appears.
  5. Update the policy to include the following content:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:Get*",
                    "s3:List*"
                ],
                "Resource": "*"
            }
        ]
    }
  6. Click Review Policy.
  7. Enter a name for the policy and a description, then click Create Policy.
    The Create Policy window appears.
  8. A message indicates that the policy was created, and the Create Policy window appears again.
  9. Click Roles.
    The Roles window appears.
  10. Click Create Role.
    The Create role window appears.
  11. Select EC2 as the service that will use this role, then click Next: Permissions.
  12. The Attach permissions policies window appears.
  13. In the search window next to Filter policies, type the name of the policy you just created, then select it from the list.
  14. Click Next: Tags.
    The Add tags window appears.
  15. If desired, enter a tag. Click Next: Review.
    The Create Role Review page is displayed.
  16. Enter a Role name and then click Create Role.
    The user returns to the Create Role window.
  17. You can verify that your role was created by typing the name of the created role in the search area.
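
Before the role is attached to an instance, it is worth listing which of the policy's actions apply to every resource. The following is an added example, not part of the original page or of any vendor tooling: it reviews the policy shown at the top of this page, and the function names and the read-verb list are assumptions of the example.

```python
import json

# The policy shown at the top of this page, embedded so the check runs offline.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": [
      "ec2:DescribeInstances", "ec2:DescribeAddresses",
      "ec2:DescribeNetworkInterfaces", "ec2:DescribeInstanceAttribute",
      "ec2:DescribeRegions", "ec2:ModifyInstanceAttribute",
      "ec2:DescribeInstanceStatus", "ec2:DescribeSubnets",
      "s3:Get*", "s3:List*", "events:PutRule", "cloudwatch:PutMetricData"
    ],
    "Resource": "*"
}]}
""")

# Assumption of this example: these verb prefixes mark read-only actions.
READ_VERBS = ("Describe", "Get", "List")


def as_list(value):
    """IAM accepts a single string where a list is expected; normalise both."""
    return [value] if isinstance(value, str) else list(value)


def review_policy(policy):
    """Return (statement index, action, reason) for Allow grants on Resource "*"."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            name = action.split(":", 1)[-1]  # part after the service prefix
            if "*" in name:
                findings.append((index, action, "wildcard action on all resources"))
            elif not name.startswith(READ_VERBS):
                findings.append((index, action, "write action on all resources"))
    return findings


if __name__ == "__main__":
    for index, action, reason in review_policy(PAGE_POLICY):
        print(f"Statement[{index}] {action}: {reason}")
```

The check does not interpret NotAction, NotResource or Condition elements, so a policy that uses them needs a manual review.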


For more information on creating and using IAM roles and policies, refer to AWS online documentation at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html and https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policies-for-amazon-ec2.html.