Create an IAM Role for S3 Access

Access to resources by users and services is controlled by Identity and Access Management (IAM). For an in-depth introduction, see the AWS Identity and Access Management User Guide.

In this section we'll create a role that you can later attach to any instances you launch, so that they can access your files in S3.

The first step is to search for IAM in the top search bar.


In the IAM Dashboard, in the left pane, choose Roles


Then choose Create Role


For Select type of trusted entity, choose AWS Service.

For Choose the use case, select EC2, and then choose Next: Permissions.


In the search field, type S3 and choose the AmazonS3FullAccess policy to provide full Amazon S3 access for your Amazon EC2 instance.

Choose Next: Tags (leave the default settings), and finally choose Next: Review.

Type a Role Name, such as S3FullAccess, then choose Create Role.


Note that full access to Amazon S3 is acceptable in the context of this workshop but fine-grained control is highly recommended for anything other than temporary sandbox testing.
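As an added example (not part of the original workshop), the Python below builds the trust policy that the AWS Service / EC2 choice corresponds to, a permissions policy scoped to a single bucket, and a small check that flags wildcard grants. The bucket name, the function names and the full-access-style sample document are assumptions constructed for illustration.

```python
import json

# Placeholder bucket name (assumption, not from the workshop).
BUCKET = "example-workshop-bucket"

def ec2_trust_policy():
    """Trust policy for a role that EC2 instances are allowed to assume."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def scoped_s3_policy(bucket):
    """List one bucket and read/write its objects, nothing else in S3."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }

def _as_list(value):
    # IAM allows Statement, Action and Resource to be a single item or a list.
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Return Allow statements that pair a wildcard action with Resource '*'."""
    hits = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(a.endswith("*") for a in actions) and "*" in resources:
            hits.append(stmt)
    return hits

# Constructed sample with the shape of a full-access S3 grant.
FULL_ACCESS_LIKE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}],
}

if __name__ == "__main__":
    print(json.dumps(scoped_s3_policy(BUCKET), indent=2))
    print("flagged in full-access sample:", len(broad_statements(FULL_ACCESS_LIKE)))
```

The scoped document can be attached to the role as a customer managed policy in place of AmazonS3FullAccess once the workshop bucket name is known.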

We will use this role later on when we create an EC2 instance.