# Create AWS Role

### Step 1: Log in to the AWS Management Console

1\. Open the AWS Management Console: <https://aws.amazon.com/console/>.

2\. Navigate to the IAM (Identity and Access Management) service.

<br>

### Step 2: Create the Role

1\. In the IAM dashboard, click Roles in the left navigation pane.

2\. Click Create Role.

3\. Under Select trusted entity, choose AWS Account.

4\. Enter the AWS Account ID:

• Select Another AWS account.

• Enter 851725229460 (the account ID).

5\. Click Next to proceed.

<br>

### Step 3: Attach the Policy

1\. On the Permissions page, select Create policy (if you don’t already have a policy for EC2 permissions).

2\. Define the policy:

• Choose the JSON tab.

• Paste the following policy to allow listing, describing, starting, and stopping EC2 instances:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:RebootInstances",
                "sts:GetSessionToken",
                "ec2:DescribeInstances",
                "ec2:StartInstances",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeRegions",
                "ec2:DescribeInstanceTypes",
                "sts:GetCallerIdentity",
                "ec2:StopInstances",
                "ec2:DescribeInstanceStatus"
            ],
            "Resource": "*"
        }
    ]
}
```

###

### Step 5: Verify the Role Trust Policy

1\. Go to the Roles section and select the role you just created.

2\. Under the Trust relationships tab, ensure the trust policy looks like this:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:sts::605134468875:assumed-role/cloudplansbatch/CloudPlansAssumeRoleSession"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudplans.io/organization/credentials/create/create-aws-role.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.