IAM Requirements: Role and EC2 instance profile

An EC2 instance profile allows an IAM role to be passed to an EC2 instance, granting it access to specified AWS services. For WorkSpaces Manager, this instance profile must include a role with the necessary permissions to access multiple AWS services, as described previously. These services include CloudWatch, Cost Explorer, EC2, EUC, Pricing, and S3, and the role must have custom policies that enable secure data retrieval from these services.

By attaching the role to the EC2 instance profile, WorkSpaces Manager will have the required permissions to perform its operations without needing manual credential management.

If using the Git Repo for Terraform from Nuvens' public site, the Security Group, Policies, Role, and EC2 Instance Profile will be created together as part of the automated deployment process.

If you are creating the role manually, the custom policies must be created first. Once the policies are in place, follow these steps to create the role:

  1. Navigate to IAM > Roles in the AWS Management Console.

  2. Click on Create Role.

  3. Select AWS Service as the trusted entity.

  4. Under Choose a use case, select EC2 and click Next.

  5. Attach the previously created policies (e.g., WSMCloudwatchPolicy, WSMCostExplorerPolicy, WSMEC2Policy, etc.) to the role.

  6. Proceed through the remaining steps and provide a name for the role, such as WorkSpacesManagerRole.

  7. Complete the role creation process by clicking Create Role.

Last updated