Roles are used to allow AWS services to perform actions on your behalf.Roles are used to grant specific privileges to specific actors.
Roles are more secure than storing your access key and secret access key on individual EC2
Roles are easier to manage.
Previously this option is not available.
Roles are universal,you can use them in any region.
Steps to create a role and attaching to EC2 instance.
- Navigate to IAM dashboard to create an IAM role
- Select Roles option from dashboard and select“Create Role”option.
3. We have four option in the roles,We are going to create this role under“AWS Services”, and select the EC2.
4. After selecting EC2,we have to select the appropriate UseCase. We would like to call some AWS services on our behalf to the EC2 instance.Select EC2 and click on Next:Permissions
5. In this step,we have to select the policy,you can generate a new policy based on your requirement or choose existing policy.
6. Select appropriate role,based on your requirement,am selecting Administrator Access role Then Select Review.
7. In review page,Give a name for the role and a valid description and select Create Role option.
8. Now launch an EC2 instance and try to access/call any AWS service to verify the role.
9.Logged into EC2 instance and elevated privileges to root and trying to find the .aws directory under / , but we cannot find, That means we don’t have any credentials on instance.
10. Try to access any AWS service,here am trying to list the S3 buckets by AWS s3is command.
11. we are able to access the resources and now here storing the access key ID and secret access key.
Steps to Attach/Replace role from a Running Instance
- Select the Instance and go to Actions button and we can find Attach/Replace IAM Role under Instance Settings.
2.Select IAM role filed,automatically it will drop down the available roles along with No Role option,Select the required option and click on Apply.It will take effect immediately.
Instance meta data is data about your instance that you can use to configure or manage the running instance.This is unique in that it is a mechanism to obtain AWS properties of the instance from with in the OS.By using below URL we can query the local instance metadata.
When you enter this URL,it’ll return with all the available information to get.We can give the required option after meta-data/you’ll get the information.
Steps to get the instance Metadata:
- I’ve logged into my EC2 instance
- Enter the metadata url
More Information :https://www.fgrade.com/aws/