Frequently asked questions.

How to create an AWS role to allow your instance to use AWS Services

One of the most powerful aspects of using AWS is allowing your instances to access AWS services without storing credentials on the instance. To this end, roles can be created with very specific permissions that let the instance call other AWS services.

In this post we are going to cover how to enable the instance to interact with the native monitoring platform, CloudWatch, and the management service, Systems Manager. By enabling these two services you will be able to collect additional metrics that are not visible at the hypervisor, e.g. disk and memory utilisation. The Systems Manager integration will allow you to remotely execute commands on the instance and provide access to the instance via a browser-based shell.

Log on to the AWS console and search for IAM:

Once you have opened the IAM home page, select Roles in the sidebar:

Now we’re going to click the Create Role button:

We are going to configure the role so that it can be used by an AWS service, specifically EC2, and then click Next in the wizard:

We can grant the instance various permissions here; for example, we may want to give it rights to access S3 buckets or other AWS services. For now, we are going to attach two policies to the instance role: AmazonSSMManagedInstanceCore and CloudWatchAgentServerPolicy. Once we have searched for these policies and checked them, we click Next:

OK, finally we are going to give the role a meaningful name so that we can locate it when launching instances:
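
The same role can be built from the AWS CLI, which makes the trust policy and the exact policies attached easy to review. This is an added example, not part of the original post: the role name `ec2-ssm-cloudwatch-role` is a hypothetical placeholder, and the `AWS=echo` dry-run switch and `--apply` guard are conventions of this script, not AWS features.

```shell
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps above.
# ROLE_NAME is a hypothetical placeholder; the page does not name the role.
ROLE_NAME="${ROLE_NAME:-ec2-ssm-cloudwatch-role}"
# Assumption: set AWS=echo to print the commands (dry run) instead of running them.
AWS="${AWS:-aws}"

# Trust policy: only the EC2 service may assume the role (the "AWS service, EC2" step).
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# The two AWS managed policies attached in the wizard, and nothing broader.
managed_policies() {
  echo "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
  echo "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
}

create_instance_role() {
  role="$1"
  "$AWS" iam create-role --role-name "$role" \
    --assume-role-policy-document "$(trust_policy)" || return 1
  for arn in $(managed_policies); do
    "$AWS" iam attach-role-policy --role-name "$role" --policy-arn "$arn" || return 1
  done
  # The console creates an instance profile with the role's name automatically;
  # from the CLI it has to be created and linked explicitly.
  "$AWS" iam create-instance-profile --instance-profile-name "$role" || return 1
  "$AWS" iam add-role-to-instance-profile \
    --instance-profile-name "$role" --role-name "$role"
}

# Nothing is changed unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
  create_instance_role "$ROLE_NAME"
fi
```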