Identity and Access Management roles help manage the credentials that AWS resources need when they access other AWS resources. In this video, learn how to create an IAM role for an EC2 instance.
- [Instructor] Identity and Access Management roles, or IAM roles for short, help manage the credentials that AWS resources need when they access other AWS resources. In our case, we need to create credentials for our build-server and define the resources the build-server has permission to access. On the AWS Dashboard, if IAM isn't in your recent history, you can find it by searching for IAM in the search bar.
On the IAM page, we'll select Roles on the left-hand side. On this screen, we'll click the Create role button. This starts a wizard that walks us through the process of creating our role. At the top of the screen, there are a few different types of trusted entities that we can choose from. We want to keep the default, which is AWS service. Next, we need to choose the type of service that will use this role. We're going to apply this role to an EC2 instance, so we need to select EC2.
Then, we click Permissions to proceed to the next step. On this screen, you can attach policies to our role. This is the real meat of the role because the policies grant or deny permission to AWS resources. We could create a policy by clicking the Create policy button, but fortunately, there are hundreds of policies already defined that we can use right away. We want to allow our build-server to deploy applications to Elastic Beanstalk, so let's look for a policy for that.
I'll search for Elastic Beanstalk. In the search results, we can see AWSElasticBeanstalkFullAccess. I'll go ahead and select that. To see the details for this policy, let's click the link. This opens a new tab, where we can get more information on the policy, and if we look at the policy summary, we see that this policy includes permissions for 18 services.
This makes sense, because even though Elastic Beanstalk is one service by itself, it interfaces with many different services behind the scenes. Let's close this tab, and finish creating our role. To move on, we need to review our selections. On this page, we need to give our role a name. I think build-server is probably the best name for it.
For the description, I'll enter a summary of the policy that we attached, starting with Elastic Beanstalk Full Access. Now we can click the Create role button. Now that we have our role in place, we can move on to the next items we need before creating our build-server.
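What the wizard steps above produce, as an added example that is not part of the original video: the trust policy corresponding to the AWS service / EC2 selection, and a per-service breakdown of an attached permissions policy, similar in spirit to the console's policy summary. The permissions policy is a constructed sample, not the contents of AWSElasticBeanstalkFullAccess, and the function names, account ID and role ARN are hypothetical.

```python
from collections import defaultdict

# Trust policy matching the wizard's "AWS service" + "EC2" selection.
EC2_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}

# Constructed sample permissions policy; NOT the real managed policy's contents.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["elasticbeanstalk:*", "ec2:*", "s3:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/example-role"},  # hypothetical ARN
    {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"}]}

def as_list(value):
    return value if isinstance(value, list) else [value]  # IAM accepts str or list

def trusted_services(trust_policy):
    """Service principals allowed to assume the role."""
    found = set()
    for stmt in as_list(trust_policy["Statement"]):
        principal = stmt.get("Principal")
        if (stmt.get("Effect") == "Allow" and isinstance(principal, dict)
                and "sts:AssumeRole" in as_list(stmt.get("Action", []))):
            found.update(as_list(principal.get("Service", [])))
    return sorted(found)

def summarize_policy(policy):
    """Group allowed actions by service prefix, flagging wildcards."""
    summary = defaultdict(lambda: {"actions": set(), "full_access": False, "any_resource": False})
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements grant nothing
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.lower().partition(":")
            entry = summary[service]
            entry["actions"].add(name or "*")
            entry["full_access"] |= name in ("", "*")
            entry["any_resource"] |= any_resource
    return dict(summary)

def broad_services(policy):
    """Services granted every action on every resource."""
    return sorted(s for s, e in summarize_policy(policy).items()
                  if e["full_access"] and e["any_resource"])

if __name__ == "__main__":
    print(trusted_services(EC2_TRUST_POLICY), broad_services(SAMPLE_POLICY))
```

Run against the JSON of whichever policy is attached to the build-server role, `broad_services` lists the services a compromised build server could act on without restriction, which is the figure to weigh before attaching a full-access managed policy.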
- Creating a Jenkins master instance
- Installing Java, Jenkins, and NGINX
- Creating SMTP credentials for SES
- Planning a build environment
- Creating roles, groups, and key pairs
- Creating a build server
- Connecting a master instance to a build server
- Planning a CI/CD pipeline
- Creating a GitHub repository for application code
- Deploying to Elastic Beanstalk from GitHub
- Adding email notifications
- Removing AWS resources