Hands-On: Creating an IAM Role
Learn to create an IAM role to assign to EC2 instances.
Now that the wordpress user has access to the SSM parameter store, we also need to make sure that our EC2 instances can read from the SSM parameter store.
To do so, we need to define an IAM role that will be attached to our EC2 instances through the launch template.
The mechanism to attach an IAM role to an EC2 instance via a launch template is called an IamInstanceProfile and is a field of the launch template specification.
Security implications
Doing this is a bit tricky because it has big implications for security. If we assign broad permissions to either the wordpress user or the IAM role we want to attach, it could lead to something called privilege escalation. Privilege escalation is a security issue where a user or service gains more permissions (privileges) than were originally assigned.
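To make the difference between a scoped and a broad grant concrete, here is an added example (not part of the original lesson) that defines a trust policy and a read-only SSM policy for the instance role, then runs a simple heuristic check that flags over-broad statements. The parameter path /wordpress/*, the region, the account ID and the function name find_broad_grants are assumptions made for illustration.

```python
# Assumed placeholders: region, account ID and the /wordpress/ parameter path.
PARAM_ARN = "arn:aws:ssm:us-east-1:123456789012:parameter/wordpress/*"

# Trust policy: only the EC2 service may assume the role.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# Scoped permissions: read-only access to a single parameter path.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["ssm:GetParameter", "ssm:GetParametersByPath"],
                   "Resource": PARAM_ARN}],
}

# Constructed counter-example: the kind of broad grant the text warns about.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["ssm:*", "iam:PassRole"],
                   "Resource": "*"}],
}

def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def find_broad_grants(policy):
    """Heuristic: flag Allow statements with wildcard or IAM-level grants.
    Only Action and Resource are inspected (not NotAction/NotResource)."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((idx, "wildcard action " + action))
            elif action.lower().startswith("iam:"):
                findings.append((idx, "IAM action " + action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((idx, "wildcard resource"))
    return findings

if __name__ == "__main__":
    for name in ("TRUST_POLICY", "SCOPED_POLICY", "BROAD_POLICY"):
        print(name, find_broad_grants(globals()[name]))
```

An instance role that only needs to read WordPress parameters should pass this check with no findings.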