 

Creating an ec2 instance along with IAM roles using cloud formation

I'm very new to the Amazon CloudFormation technique. I'm trying to launch an EC2 instance along with the IAM roles.

I have a CloudFormation script for this. But the problem I face is that the IAM roles and EC2 instances are created, but they aren't tied to each other.

I did create the IAM roles using AWS::IAM::Role and AWS::IAM::InstanceProfile.

Is there any other command that I should use?

Thanks in advance.

sriram asked Dec 04 '22 00:12


1 Answer

Had to dig to get the final result, but here's an example of

  1. Defining an access role (this will allow the EC2 instance to step into / assume the role),
  2. Defining a policy for the role (i.e. when the EC2 instance assumes the role, what resources does it have access to),
  3. Defining the instance profile (that is referenced by the EC2 instance, and has the access role mapped in)

    "S3AccessRole" : {
        "Type"  : "AWS::IAM::Role",
        "Properties" : {
            "AssumeRolePolicyDocument" : {
                "Statement" : [ {
                    "Effect" : "Allow",
                    "Principal" : {
                        "Service" : [ "ec2.amazonaws.com" ]
                    },
                    "Action" : [ "sts:AssumeRole" ]
                } ]
            },
            "Path" : "/"
        }
    },
    
    "S3RolePolicies" : {
        "Type" : "AWS::IAM::Policy",
        "Properties" : {
            "PolicyName" : "s3access",
            "PolicyDocument" : {
                "Statement" : [ {
                    "Effect" : "Allow",
                    "Action" : "s3:*",
                    "Resource" : "*"
                }]
            },
            "Roles" : [ { "Ref" : "S3AccessRole" } ]
        }
    },
    
    "S3InstanceProfile" : {
        "Type" : "AWS::IAM::InstanceProfile",
        "Properties" : {
            "Path" : "/",
            "Roles" : [ { "Ref" : "S3AccessRole" } ]
        }
    }
    

The policy above allows all access to S3 resources. Adjust according to your needs. The IamInstanceProfile reference in the EC2 instance properties would be { "Ref" : "S3InstanceProfile" }.

Note that as of May 2015, when you create a stack that creates IAM roles, you need to check a box acknowledging such creation, otherwise you'll get a "Stack creation error: Requires capabilities : [CAPABILITY_IAM]" error.

Brett answered May 15 '23 12:05
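The answer shows the role, policy and instance profile but not the AWS::EC2::Instance resource that has to reference the profile, which is exactly the link the question was missing. The following is an added example, not the answerer's code: it assembles the complete template (same three resource names as above, plus a constructed WebServer instance, an ImageId parameter and a BucketName parameter), replaces the s3:* on * policy with one scoped to a single bucket, and runs a static wiring check that flags an instance with no IamInstanceProfile, a profile or role reference to the wrong resource type, a trust policy that does not let ec2.amazonaws.com assume the role, and any Allow of s3:* or * on all resources.

```python
"""Complete CloudFormation template tying an EC2 instance to an IAM role via an
instance profile, plus a pre-deploy wiring check. Added example; the
WebServer instance, the parameters and the bucket-scoped policy are
constructed here and are not from the original answer."""
import json

TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "ImageId": {"Type": "AWS::EC2::Image::Id"},
        "BucketName": {"Type": "String"},
    },
    "Resources": {
        # 1. Role that the EC2 service is trusted to assume.
        "S3AccessRole": {
            "Type": "AWS::IAM::Role",
            "Properties": {
                "AssumeRolePolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow",
                                   "Principal": {"Service": ["ec2.amazonaws.com"]},
                                   "Action": ["sts:AssumeRole"]}],
                },
                "Path": "/",
            },
        },
        # 2. Permissions scoped to one bucket instead of s3:* on *.
        "S3RolePolicies": {
            "Type": "AWS::IAM::Policy",
            "Properties": {
                "PolicyName": "s3access",
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [
                        {"Effect": "Allow", "Action": ["s3:ListBucket"],
                         "Resource": {"Fn::Sub": "arn:aws:s3:::${BucketName}"}},
                        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
                         "Resource": {"Fn::Sub": "arn:aws:s3:::${BucketName}/*"}},
                    ],
                },
                "Roles": [{"Ref": "S3AccessRole"}],
            },
        },
        # 3. Instance profile wrapping the role.
        "S3InstanceProfile": {
            "Type": "AWS::IAM::InstanceProfile",
            "Properties": {"Path": "/", "Roles": [{"Ref": "S3AccessRole"}]},
        },
        # 4. The instance. IamInstanceProfile is the link that ties them together.
        "WebServer": {
            "Type": "AWS::EC2::Instance",
            "Properties": {
                "ImageId": {"Ref": "ImageId"},
                "InstanceType": "t3.micro",
                "IamInstanceProfile": {"Ref": "S3InstanceProfile"},
            },
        },
    },
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _ref(v):
    return v.get("Ref") if isinstance(v, dict) else None


def wiring_problems(template):
    """Static checks on Resources. Empty list means every instance references a
    profile, every profile an EC2-trusted role, and no policy allows s3:*/* on *."""
    res = template["Resources"]
    problems = []
    for name, r in res.items():
        props = r.get("Properties", {})
        if r["Type"] == "AWS::EC2::Instance":
            prof = _ref(props.get("IamInstanceProfile"))
            if prof not in res or res[prof]["Type"] != "AWS::IAM::InstanceProfile":
                problems.append(f"{name}: IamInstanceProfile must Ref an AWS::IAM::InstanceProfile")
        elif r["Type"] == "AWS::IAM::InstanceProfile":
            for role in _as_list(props.get("Roles", [])):
                rn = _ref(role)
                if rn not in res or res[rn]["Type"] != "AWS::IAM::Role":
                    problems.append(f"{name}: Roles must Ref an AWS::IAM::Role")
                    continue
                trust = res[rn]["Properties"]["AssumeRolePolicyDocument"]["Statement"]
                services = [s for st in trust if isinstance(st.get("Principal"), dict)
                            for s in _as_list(st["Principal"].get("Service", []))]
                if "ec2.amazonaws.com" not in services:
                    problems.append(f"{rn}: trust policy does not allow ec2.amazonaws.com to assume it")
        elif r["Type"] == "AWS::IAM::Policy":
            for st in props["PolicyDocument"]["Statement"]:
                actions = _as_list(st.get("Action", []))
                if st.get("Effect") == "Allow" and "*" in _as_list(st.get("Resource", [])) \
                        and any(a in ("*", "s3:*") for a in actions):
                    problems.append(f"{name}: Allow of {'/'.join(actions)} on Resource * (scope it to the bucket)")
    return problems


def render(template):
    """JSON body for create-stack; the stack still needs --capabilities CAPABILITY_IAM."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    print(render(TEMPLATE))
    print("problems:", wiring_problems(TEMPLATE) or "none")
```

Run the script to print the template, then deploy it with `aws cloudformation create-stack --capabilities CAPABILITY_IAM --template-body file://...`; the check is worth running against any template where the roles and instances "aren't tied", because a missing IamInstanceProfile deploys without error and only shows up when the instance has no credentials.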