IAM roles for Amazon EC2 instances allows an EC2 instance make AWS service calls on our behalf. This allows us to have temporary credentials rather than hard coding them on to the instance if we want to make calls to AWS services. In this article we will see how to create an IAM role.

In HowTo: Create an IAM Policy we created an IAM policy, here will create an IAM role so an EC2 instance will be able to make use it.

We’ll start this by going to the AWS Console and clicking on IAM.

Click on Roles

We’ll click on the Create New Role button.

Now we named the role, for this example we’ll set the role name to be ReadBilling.

Then click on the Next Step button.

And we will create an Amazon EC2 service role.

Now we pick the policies to attach. For this example, we’ll search for the ReadBilling policy that we created in HowTo: Create an IAM Policy.

Select the ReadBilling policy.

If there were other policies we wanted to add, we could repeat the process of searching for the policy and selecting it. In this case however, we just want the one policy.

Once we have the desired policies selected, click the Next Step button.

Review the role then click Create Role.

The IAM role is setup and ready to go.