Create AWS Role

Step 1: Log in to the AWS Management Console

1. Open the AWS Management Console: https://aws.amazon.com/console/.

2. Navigate to the IAM (Identity and Access Management) service.

Step 2: Create the Role

1. In the IAM dashboard, click Roles in the left navigation pane.

2. Click Create Role.

3. Under Select trusted entity, choose AWS Account.

4. Enter the AWS Account ID:

• Select Another AWS account.

• Enter 851725229460 (the account ID).

5. Click Next to proceed.

Step 3: Attach the Policy

1. On the Permissions page, select Create policy (if you don’t already have a policy for EC2 permissions).

2. Define the policy:

• Choose the JSON tab.

• Paste the following policy to allow listing, describing, starting, stopping, and rebooting EC2 instances:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:RebootInstances",
                "sts:GetSessionToken",
                "ec2:DescribeInstances",
                "ec2:StartInstances",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeRegions",
                "ec2:DescribeInstanceTypes",
                "sts:GetCallerIdentity",
                "ec2:StopInstances",
                "ec2:DescribeInstanceStatus"
            ],
            "Resource": "*"
        }
    ]
}

Step 5: Verify the Role Trust Policy

1. Go to the Roles section and select the role you just created.

2. Under the Trust relationships tab, ensure the trust policy looks like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:sts::605134468875:assumed-role/cloudplansbatch/CloudPlansAssumeRoleSession"
                ]
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
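
The Step 5 check can also be done programmatically. The following is an added example, not part of the original guide or the vendor's tooling: it reports every trusted principal other than the ARN shown in Step 5, including a wildcard or an account-wide principal. The function name, the constant names and the `TOO_BROAD` sample policy are assumptions made for illustration.

```python
import json

# Principal copied from the trust policy shown in Step 5 of this page.
EXPECTED = "arn:aws:sts::605134468875:assumed-role/cloudplansbatch/CloudPlansAssumeRoleSession"

def as_list(value):
    """IAM accepts either a single value or a list in most policy fields."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def check_trust_policy(document, expected=EXPECTED):
    """Return a list of findings; an empty list means only `expected` is trusted."""
    policy = json.loads(document) if isinstance(document, str) else document
    findings, trusted = [], set()
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant trust
        principal = stmt.get("Principal") or {}
        if isinstance(principal, str):  # the bare form "Principal": "*"
            principal = {"*": principal}
        for kind, values in principal.items():
            for value in as_list(values):
                if kind == "AWS" and value == expected:
                    trusted.add(value)
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
        actions = as_list(stmt.get("Action"))
        if actions != ["sts:AssumeRole"]:
            findings.append(f"statement {i}: unexpected actions {actions}")
    if expected not in trusted:
        findings.append("expected principal is not trusted")
    return findings

# The Step 5 policy, and a constructed variant that trusts any AWS principal.
GOOD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
        "Principal": {"AWS": [EXPECTED]}, "Action": "sts:AssumeRole"}]}
TOO_BROAD = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
             "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("too_broad", TOO_BROAD)):
        print(name, check_trust_policy(doc) or "OK")
```

The input is the role's `AssumeRolePolicyDocument`, as returned by `aws iam get-role`, passed either as a dict or as a JSON string.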
