Photo by Markus Winkler on Unsplash

How To Create Role in AWS Identity Access Management (IAM) in 5 Steps


The Identity Access Management (IAM) is AWS service dedicated to managing access to services such as the Elastic Compute Cloud (EC2) in the AWS account of an organization or individual. The AWS IAM can manage the what a user can do, and who can access a service or resources within an account or across multiple AWS accounts. The Identity Access Management also manage the permissions of other service when there is a need for one service to communicate with another service in the AWS account. The permissions are defined to make up what is called the policy. A policy, according to AWS, is an object in AWS that, when associated with an identity or resource, defines their permissions. In other words, the combination of permissions make up for the policy for the service, resources or user. Simply put, it also service as a security service.


To follow this tutorial, you will need:

  1. An Amazon Web Service (AWS) account.
  2. A user with IAM permission
  3. An internet connected device.

Step 1: Navigate to the IAM window

Let us begin by searching for IAM in the AWS console.


Then scroll to the Access Management on the left pane of the window, afterwards select Roles.

Step 2: Create IAM Role

You should click on the blue Create Role button on the right pane of the window.

Step 3: Select the service to attach the IAM policy

AWS will give you options to select from the AWS trusted entity type. Let’s take the AWS Service trusted entity type for this demonstration. As it is the very popular options and very important when it comes to granting service access to AWS services.

Under the Use Case, we can select from the many AWS service to create a role for. Here, we will selected the EC2 instance role and grant it S3 and SNS permissions, and it will be attached to an EC2 instance.

Select AWS Service to create the IAM role for.

In the next window, use the search bar to select the permissions S3 and SNS. You will do this one after the other. One you do, click Next button.

Select Amazon s3 for Identity Access Management (IAM) role.

Step 4: Confirm that the IAM configuration is correct

The next window will ask you to provide a name for the role and also review your configuration.

Confirm the services permissions

Step 5: Create your IAM Role

Click the Create Role button.

Click to create the role

And there you have it, you have configured your IAM role for S3 and SNS topic.

Now, you should see your role successfully created.

Confirm the role has been create for IAM

The same process is used for other roles. So, go ahead and practice using other roles. Have fun.






Leave a Reply

Your email address will not be published. Required fields are marked *