Simple Howto: AWS IAM Instance Profiles

For those of you looking to set up applications to run on EC2 instances without having to put credentials on the machines, there is an option. AWS has a great feature for exactly this purpose, and it’s called IAM Instance Profiles.

The IAM Instance Profile feature allows EC2 instances to call other AWS services on your behalf, with no need for setting up keys on the instance. AWS takes care of securing the keys within instance metadata, and also rotates keys regularly. More info here.

In my case, I was trying to set up Logstash to run on EC2 instances, talking to S3 buckets, without having to hard-code keys or upload them to the instance itself. This AWS feature saved the day.

Let’s get started with setting up an IAM Instance Profile. To begin with, log in to the AWS Console and head to Identity and Access Management (IAM). Once there, click “Create Role”. Then, enter a name for the role:

[Screenshot: role (1) – entering the role name]

On the next page, select Role Type as “Amazon EC2”. This will create the necessary IAM Instance Profile in the background, with the same name as the role.

[Screenshot: role (2) – selecting the “Amazon EC2” role type]

Next, attach a policy to this role depending on your use case. In my case I wanted S3 access from my instances, so I selected AmazonS3FullAccess.

[Screenshot: role (3) – attaching a policy to the role]

Click Finish. On the review page, grab the Role ARN for later use. We’re done!

[Screenshot: role (4) – review page showing the Role ARN]

Now, to launch instances using this IAM Instance Profile, simply select the IAM Role from the dropdown on the “Configure Instance Details” page.

[Screenshot: role (5) – selecting the IAM Role on “Configure Instance Details”]

You’re all set with IAM Instance Profiles!
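The steps above attach the managed AmazonS3FullAccess policy to the role. As an added example that is not part of the original post, the following Python script contrasts that policy with one scoped to a single bucket using a minimal policy evaluator; the bucket name, the policy bodies and the evaluator itself are constructed for illustration and only handle Allow/Deny statements with Action and Resource (no Condition or NotAction).

```python
"""Constructed example: evaluate which S3 calls an instance profile's role
may make under a broad policy versus a bucket-scoped one."""
import fnmatch

# Trust policy that the "Amazon EC2" role type creates behind the scenes:
# only the EC2 service may assume the role, so only instances launched with
# this profile are handed its (rotated) credentials via instance metadata.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# Approximation of the AWS-managed AmazonS3FullAccess policy: every S3
# action on every bucket the account owns.
S3_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

# Least-privilege alternative for a log shipper such as Logstash: list one
# bucket and read/write objects inside it. The bucket name is a placeholder.
LOGSTASH_SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-logstash-bucket"},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-logstash-bucket/*"},
    ],
}


def _matches(patterns, value, fold_case):
    # IAM action names match case-insensitively, resource ARNs do not;
    # "*" and "?" are the only wildcards in either.
    patterns = patterns if isinstance(patterns, list) else [patterns]
    if fold_case:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Explicit Deny wins over Allow; anything unmatched is implicitly denied."""
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt["Action"], action, True) and _matches(stmt["Resource"], resource, False):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

Running `is_allowed(S3_FULL_ACCESS, "s3:DeleteBucket", "arn:aws:s3:::unrelated-bucket")` returns True while the scoped policy returns False for the same call, which is the difference a compromised instance would feel.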
