How to Create and Attach an IAM Role to the EC2 Instance
This document is a comprehensive guide to creating an IAM role and attaching it to an EC2 instance, enabling seamless connectivity with other required services within the AWS ecosystem. The AWS IAM policy statements define precise access permissions for various services, granting specific actions and resources to authorized entities. These permissions are essential for installing Paladin Cloud, and this document outlines the list of AWS services that EC2 can connect to using the IAM role.
List of AWS Services:
The following AWS services can be accessed by EC2 instances through the IAM role:
- CloudWatchFullAccess
- AmazonEC2FullAccess
- IAMFullAccess
- AmazonRDSFullAccess
- AmazonS3FullAccess
- AmazonESFullAccess
- AmazonEC2ContainerRegistryFullAccess
- AWSBatchFullAccess
- AmazonECS_FullAccess
- AWSLambda_FullAccess
- AmazonCognitoPowerUser
- AmazonSNSFullAccess
- AWSCertificateManagerFullAccess
- AWSAppSyncAdministrator
- AmazonEventBridgeFullAccess
Deployment Steps for CloudFormation Stack:
To deploy the CloudFormation stack, please follow the steps outlined below:
- Download the cloud formation template file, available here.
- For the base account (the account where the Paladin Cloud application will be deployed), access the AWS console for that account and navigate to CloudFormation.
- Click on Stacks and select Create Stack > With New Resources.
- Under Specify Template, choose Upload a template file and upload the downloaded template file.
- Provide a name for the stack (e.g., PaladinCloudIntegration) and click Next.
- Accept the capability check box and click Submit. This will initiate the creation of the necessary resources and permissions.
By following these steps, you will successfully create the required IAM role, attach it to the EC2 instance, and establish the necessary connectivity with the listed AWS services.