Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to assign IAM role to users or groups

Tags:

permissions

roles

amazon-web-services

amazon-ec2

amazon-iam

I know how to create user, group and role in AWS IAM. I can also attach policies to each of them. For example, after selecting a group, you can go to permissions tab, and attach some policies to it.

However, I don't know how to attach a role to a user or group.

I looked on documentation and forums, but did not find anything, and appreciate your help.

like image 971
Alisa Avatar asked Jan 03 '18 21:01

Alisa

People also ask

How do I assign a role to an IAM user in AWS?

To create a role (console)Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/ . In the navigation pane of the console, choose Roles and then choose Create role. Choose AWS account role type. To create a role for your account, choose This account.

How are permissions assigned to an IAM group?

IAM user groupsAny user in that user group automatically has the permissions that are assigned to the user group. If a new user joins your organization and should have administrator privileges, you can assign the appropriate permissions by adding the user to that user group.

How do you assume the role of an IAM user?

Create the IAM role and attach the policy Because this IAM role is assumed by an IAM user, you must specify a principal that allows IAM users to assume that role. For example, a principal similar to arn:aws:iam::123456789012:root allows all IAM identities of the account to assume that role.

2 Answers

You can't assign IAM role to IAM user or group, see the notes from this AWS official doc :- https://aws.amazon.com/iam/faqs/

Q: Can I add an IAM role to an IAM group?

Not at this time.

And

Q: What is an IAM role?

An IAM role is an IAM entity that defines a set of permissions for making AWS service requests. IAM roles are not associated with a specific user or group. Instead, trusted entities assume roles, such as IAM users, applications, or AWS services such as EC2.

It looks like it's not straight forward to attach IAM role to IAM user, follow https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html on how to do it.

In the past, I've created IAM role for my ec2-instance and when launching that instance, I can choose that IAM role and my ec2-instance will have all the permissions set in that IAM role, likewise you can assign a role to other ec2-services, this is the most used scenario of IAM role.

like image 76
Amit Avatar answered Oct 07 '22 07:10

Amit

To assign IAM role to an IAM user, do the following:

  1. Open the IAM Dashboard
  2. Select the role that you want to assign to an IAM user
  3. Edit the trust policy
  4. add the ARN of the IAM user in the Principal's section

That's it. Now test it out using the Switch Role feature.

Follow the same procedure to assign IAM role to an IAM group.

like image 30
user12054114 Avatar answered Oct 07 '22 06:10

user12054114
Sign in to Comment

Related questions

Elastic Beanstalk Change ELB Type
How to get the URL of a file on AWS S3 using aws-sdk?
aws-amplify Authentication...how to access tokens on successful Auth.signIn?
Pagination with DynamoDBMapper Java AWS SDK
unable to call firefox from selenium in python on AWS machine
Amazon RDS MySQL instance performs very slow
What is the minimum healthy percent and maximum percent in Amazon ECS
How to query cloudwatch logs using boto3 in python
A client error (400) occurred when calling the HeadObject operation: Bad Request Completed 1 part(s) with ... file(s) remaining
Transferring Files between two EC2 Instances in the same region
AWS CLI: ECR list-images, get newest
Get hosted zone for cloudfront distribution
Amazon DynamoDB mapping enums
How to list _all_ objects in Amazon S3 bucket?
How to delete untagged images from AWS ECR Container Registry
Remotely debugging my node app that is hosted on AWS
Amazon API Gateway in front of ELB and ECS Cluster
How many records can be in S3 put() event lambda trigger?
DynamoDB: updateItem only if it already exists
Is the most recent AWSALB cookie required? (AWS ELB Application Load Balancer)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!