IAM Roles

To enable access to the S3 bucket and the Secrets Manager that we created, we will create a custom policy and a role.

Create Policy

Log in to the AWS IAM Management Console.
Click on "Policies".
Create a policy that specifically allows read and write permissions only on the S3 bucket that we created in the S3 deployment guide, and only allows read access to the secrets we created in the Secrets Manager deployment guide.
Click on the JSON tab and paste the following JSON string, replacing "datalogz-s3" with the name of the S3 bucket you created in the S3 deployment guide.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:GetObject"],
      "Resource": ["arn:aws:s3:::*/*", "arn:aws:s3:::datalogz-s3"]
    },
    {
      "Sid": "VisualEditor01",
      "Effect": "Allow",
      "Action": "secretsmanager:GetSecretValue",
      "Resource": "arn:aws:secretsmanager:*:030677441200:secret:*"
    }
  ]
}

Click "Next: Tags" and optionally add tags for the policy.
Click "Next: Review".
Enter a name for the policy, such as "datalogz-policy-to-access-s3-and-secrets-from-ec2".
Click "Create Policy".

Create Role

Go to "Roles" and click "Create Role".
Choose "AWS service" as the trusted entity type.
Choose "EC2" under "Common use cases".
Click "Next".
In the "Permissions" section, search for the policy we just created and select it.
Click "Next".
Enter a name for the role, such as "datalogz-role-access-resources-from-ec2".
Click "Create Role".

PreviousRDS Databases NextEC2 Instances

Last updated 1 year ago