
How Do I Create an AWS IAM Instance Profile?

Introduction

In this guide, we will explain how to create an AWS IAM Instance Profile. An instance profile is the container through which an IAM role is assigned to an EC2 instance. This allows applications on the instance to interact securely with AWS services using the role's permissions.

Step-by-Step Guide

We will use the following AWS resources to accomplish this task:

  • aws_iam_role (aws.iam.Role in the code below): This resource defines the IAM role, which grants your EC2 instances permissions to communicate with other AWS services.
  • aws_iam_instance_profile (aws.iam.InstanceProfile in the code below): This resource creates an instance profile to associate the IAM role with your EC2 instances.

Below is the complete TypeScript code to create an AWS IAM instance profile:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an IAM role
const example = new aws.iam.Role("example", {
    name: "example-role",
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
        }],
    }),
    inlinePolicies: [{
        name: "example-policy",
        policy: JSON.stringify({
            Version: "2012-10-17",
            Statement: [{
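                // s3:ListBucket lists the objects in a bucket. Resource "*" applies it to
                // every bucket; replace it with specific bucket ARNs to limit access.
                Action: ["s3:ListBucket"],
                Effect: "Allow",
                Resource: "*",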
            }],
        }),
    }],
});
// Create an IAM instance profile
const exampleProfile = new aws.iam.InstanceProfile("example_profile", {
    name: "example-instance-profile",
    role: example.name,
});
export const instanceProfileName = exampleProfile.name;

Explanation

  1. Create an IAM Role:

    • We define an IAM role named example-role using aws_iam_role.
    • The role includes an assume role policy that allows the EC2 service to assume this role.
    • An inline policy is added to grant specific permissions, here s3:ListBucket (listing the objects in S3 buckets) on all resources.
  2. Create an IAM Instance Profile:

    • We create an instance profile named example-instance-profile using aws_iam_instance_profile.
    • This instance profile is linked to the previously defined IAM role.
  3. Export the Instance Profile Name:

    • The instance profile name is exported for reference, which can be useful for other resources or configurations.
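
The two policy documents attached to the role can be checked before deployment. The following is an added example, not part of the original guide or Pulumi's own code: a dependency-free TypeScript audit that confirms the trust policy names only ec2.amazonaws.com and flags Allow statements on Resource "*". The function names, the policy helper, and the example-bucket ARN are assumptions made for illustration.

```typescript
// Added example (not from the guide): audit the role's two policy documents.
type OneOrMany = string | string[];
interface PolicyStatement {
    Effect: "Allow" | "Deny";
    Action: OneOrMany;
    Resource?: OneOrMany;
    Principal?: "*" | { Service?: OneOrMany; AWS?: OneOrMany };
}
interface PolicyDocument { Version: string; Statement: PolicyStatement[]; }

const asList = (v?: OneOrMany): string[] => v === undefined ? [] : Array.isArray(v) ? v : [v];

// Trust policy: only the EC2 service should be able to assume an instance role.
function auditTrustPolicy(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    doc.Statement.forEach((s, i) => {
        if (s.Effect !== "Allow") return;
        if (s.Principal === undefined || s.Principal === "*") {
            findings.push(`trust[${i}]: any principal can assume the role`);
            return;
        }
        if (asList(s.Principal.AWS).length > 0)
            findings.push(`trust[${i}]: AWS principal in an instance role trust policy`);
        for (const svc of asList(s.Principal.Service))
            if (svc !== "ec2.amazonaws.com")
                findings.push(`trust[${i}]: unexpected service principal ${svc}`);
    });
    return findings;
}

// Permissions policy: flag wildcard actions and Allow statements on Resource "*".
function auditPermissionsPolicy(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    doc.Statement.forEach((s, i) => {
        if (s.Effect !== "Allow") return;
        for (const a of asList(s.Action))
            if (a.indexOf("*") >= 0) findings.push(`perm[${i}]: wildcard action ${a}`);
        if (asList(s.Resource).indexOf("*") >= 0)
            findings.push(`perm[${i}]: ${asList(s.Action).join(",")} allowed on Resource "*"`);
    });
    return findings;
}

// The guide's two documents, plus a constructed variant scoped to one (hypothetical) bucket.
const policy = (...s: PolicyStatement[]): PolicyDocument => ({ Version: "2012-10-17", Statement: s });
const trust = policy({ Action: "sts:AssumeRole", Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" } });
const guidePolicy = policy({ Action: ["s3:ListBucket"], Effect: "Allow", Resource: "*" });
const scopedPolicy = policy({ Action: ["s3:ListBucket"], Effect: "Allow", Resource: "arn:aws:s3:::example-bucket" });
console.log(auditTrustPolicy(trust), auditPermissionsPolicy(guidePolicy), auditPermissionsPolicy(scopedPolicy));
```

The guide's trust policy passes, its inline policy produces one finding for Resource "*", and the bucket-scoped variant produces none.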

Summary

In summary, we successfully created an AWS IAM instance profile by defining an IAM role and associating it with an instance profile. This configuration is vital for managing permissions securely for applications running on EC2 instances. By following these steps, you can ensure that your EC2 instances have the necessary permissions to interact with AWS services securely.
