Difference between revisions of "AWS IAM role"

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html

• IAM roles for EC2 instances

Commands[edit]

• aws iam list-roles
• aws iam create-role
• aws iam put-role-policy
• aws iam get-role
• aws iam create-service-linked-role
• aws iam update-role

Errors[edit]

• Cannot attach a Service Role Policy to a Customer Role.

STS[edit]

• aws sts assume-role-with-saml
• aws sts assume-role

Related[edit]

• AWS service roles: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html
• AWS Policies: AWS trust policy
• Iam:GetRole
• rds-monitoring-role
• AWS IAM federation
• Switch role to acounts: OrganizationAccountAccessRole
• KarpenterNode
• IAM Roles for Service Accounts (IRSA)
• AWS policy: AdministratorAccess
• GCP roles
• IAM roles for EC2 instances
• ecsInstanceRole
• eks.amazonaws.com/role-arn: arn:aws:iam::012345678912:role/AmazonEKS_EBS_CSI_DriverRole
• Inherited from node
• Using service-linked roles for Amazon ECS
• Trusted entities

Activities[edit]

• Create a role for SAML federation https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
• Read https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html
• Read Creating a role to delegate permissions to an IAM user: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html
• Understand the difference between service role and service-linked role ^[1]
• How to use trust policies with IAM roles
• Best practices for managing AWS access keys

See also[edit]

• AWS IAM role, AWS service roles, AWS IAM Roles Anywhere: [ list-roles | get-role | create-role | put-role-policy | create-service-linked-role | attach-role-policy | update-role | add-role-to-instance-profile ], aws ec2 describe-iam-instance-profile-associations ], IAM roles for EC2 instances, AWSServiceRoleForAutoScaling
• AWS IAM role, ServiceRoleARN, iam:GetRole, assumed-role, sts:AssumeRole, Trusted entities