How Do I Build an AWS IAM Instance Profile?
Introduction
AWS Identity and Access Management (IAM) instance profiles are vital for managing permissions and access in AWS environments. They allow EC2 instances to assume roles and access AWS resources securely. This guide provides a step-by-step process to build an AWS IAM instance profile using Pulumi in TypeScript.
Step-by-Step Process to Build an AWS IAM Instance Profile
To create an AWS IAM instance profile, you will need to define and configure three key resources: aws_iam_role, aws_iam_role_policy, and aws_iam_instance_profile. Below is an explanation of each step involved:
- Define the IAM Role (aws_iam_role): Create an IAM role that EC2 instances can assume. This role requires a trust policy allowing the EC2 service (ec2.amazonaws.com) to assume it.
- Attach a Policy to the Role (aws_iam_role_policy): Define a policy that specifies the permissions and actions the role can perform. Attach this policy to the IAM role to enable access to necessary AWS services or resources.
- Create the Instance Profile (aws_iam_instance_profile): Wrap the IAM role in an instance profile. This profile can then be associated with EC2 instances, allowing them to use the permissions defined in the IAM role.
Here is a code example demonstrating these steps:
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Define the IAM role; the trust policy lets the EC2 service assume it
const example = new aws.iam.Role("example", {
    name: "example-role",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
        }],
    }),
});

// Define a policy to attach to the role
const exampleRolePolicy = new aws.iam.RolePolicy("example", {
    name: "example-policy",
    role: example.id,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: [
                "s3:ListBucket",
                "s3:GetObject",
            ],
            Effect: "Allow",
            // "*" applies these actions to every bucket and object;
            // replace it with specific bucket ARNs for real workloads
            Resource: "*",
        }],
    }),
});

// Create the instance profile that wraps the role
const exampleInstanceProfile = new aws.iam.InstanceProfile("example", {
    name: "example-instance-profile",
    role: example.name,
});

export const roleName = example.name;
export const instanceProfileName = exampleInstanceProfile.name;
```
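The role policy above allows s3:ListBucket and s3:GetObject on Resource "*", so any instance using the profile can read every bucket the role can reach. The plain-TypeScript helper below is an added example, not part of the original page or Pulumi's own code: it builds the same two permissions scoped to one bucket and flags Allow statements that use bare wildcards. The function names and the bucket name `example-data-bucket` are assumptions.

```typescript
// Added example: plain TypeScript, no Pulumi or AWS imports required.
type Statement = {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Resource: string | string[];
};
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

const toList = (v: string | string[]): string[] => (Array.isArray(v) ? v : [v]);

// Hypothetical helper: read-only access limited to one bucket.
// s3:ListBucket applies to the bucket ARN, s3:GetObject to the object ARNs,
// so each action gets its own statement and Resource.
function scopedS3ReadPolicy(bucket: string): PolicyDocument {
  // Reject anything that is not a plain bucket name (for example "*" or a full ARN).
  if (!/^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/.test(bucket)) {
    throw new Error("not a valid S3 bucket name: " + bucket);
  }
  const arn = "arn:aws:s3:::" + bucket;
  return {
    Version: "2012-10-17",
    Statement: [
      { Sid: "ListBucket", Effect: "Allow", Action: "s3:ListBucket", Resource: arn },
      { Sid: "GetObjects", Effect: "Allow", Action: "s3:GetObject", Resource: arn + "/*" },
    ],
  };
}

// Hypothetical check: indexes of Allow statements with a bare "*" Resource
// or a wildcard Action such as "*" or "s3:*".
function findWildcardStatements(doc: PolicyDocument): number[] {
  const hits: number[] = [];
  doc.Statement.forEach((s, i) => {
    const anyResource = toList(s.Resource).some((r) => r === "*");
    const anyAction = toList(s.Action).some((a) => a === "*" || /:\*$/.test(a));
    if (s.Effect === "Allow" && (anyResource || anyAction)) hits.push(i);
  });
  return hits;
}

// The policy from the page, re-typed as an object for the check.
const pagePolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Action: ["s3:ListBucket", "s3:GetObject"], Effect: "Allow", Resource: "*" }],
};

console.log(findWildcardStatements(pagePolicy));
console.log(findWildcardStatements(scopedS3ReadPolicy("example-data-bucket")));
```

To use the scoped document in the Pulumi program, pass `JSON.stringify(scopedS3ReadPolicy("example-data-bucket"))` as the `policy` argument of `aws.iam.RolePolicy`.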
Key Points
- IAM Role: Defines who can assume the role and what services are trusted.
- Role Policy: Specifies permissions granted to the role.
- Instance Profile: Allows EC2 instances to assume the IAM role and utilize its permissions.
Conclusion
Creating an AWS IAM instance profile involves defining an IAM role, attaching a policy to it, and wrapping it in an instance profile. This setup is crucial for securely managing permissions and access for EC2 instances within AWS. By following the steps outlined above, you can efficiently build and manage IAM instance profiles, ensuring your AWS resources are accessed securely and appropriately.