Create And Assign An IAM Role To EC2 Instance

In this article , We will learn how to create an IAM Role using AWS Console and then we are going to attach or replace the IAM Role with the Existing EC2 Instance.

What Is IAM Role?

IAM (Identify and Access Management) is an IAM entity which holds a set of permissions for making AWS service requests.

In other words , IAM Role is a medium which is used to communicate between the AWS services.For Example , EC2 Instance wants to communicate with S3 Bucket.

IAM Roles are mostly associated with AWS Services such as EC2 and IAM Roles cannot be attached with the IAM Users and Groups.

Creating An IAM Role

In this guide , We will create an IAM Role for EC2 Instance with Full access to S3 Bucket.

Then We have to attach that IAM Role with the EC2 Instance So that It will be able to send or receive files from the S3 Bucket.

To Create an IAM Role , Login to IAM Console ,

In the Left pane , Choose Roles.Then Click Create role

Select The Type Of Trusted Entity

Choose AWS Service , Under use case , Select EC2

So What we are doing here is , We are Allowing the EC2 Instance to make requests to other AWS Services.

Choose Next: permissions

You can either Create a Custom IAM Policy or You can use AWS Managed Policies.

Each IAM Policies has a set permissions necessary to perform certain operations.

In the search , Type S3FullAccess , Check the Policy ,

Then Click Next: Tags , You can add a Tag and then Click Next: Review

Provide a name for the IAM Role and a short description and click Create role.

Now that We have created an IAM Role required for the EC2 Instance to Communicate with S3 Buckets.

Lets go ahead and attach this IAM Role with the EC2 Instance.

I have published a separate articles on how to

Create EC2 Instance using Terraform

Create EC2 Instance using AWS Console

Attach IAM Role To EC2 Instance

Login to EC2 Console , Choose Instances

Select the Instance , Under Actions –> Instance Settings –> Attach/Replace IAM Role

Search for the IAM Role which we have created.

Select the Role and Click Apply

Under the Description of the EC2 Instance , You can verify that the IAM Role is attached with the Instance.

Replacing An IAM Role

Lets say you want to add more permissions to the IAM Role In such a way that the EC2 Instance can communicate with S3 Buckets and the Lambda Functions.

In this case , We will add the necessary lambda function IAM policies to the same IAM Role which we have created.

To do so , Login to IAM Console , Choose Roles ,

In some cases We might need to create a separate IAM Role.

So we will create a new IAM Role , use case be EC2 , Under permissions ,

Check both S3FullAccess and LambdaFullAccess policies.

Now that We can see both S3 and Lambda policies are attached to the same IAM Role , Click Create role.

Lets go ahead and replace the role from the EC2 Instance.

Select the Instance , Under Actions –> Instance Settings –> Attach/Replace IAM Role

You will see both the Roles , Select the latest one and Click Apply.

During this Process , You might get an error like below:

The association iip-assoc-09244gn810hd834ac is not the active association

Remove the Existing Role , By select No Role and click Apply.

Then Attach the New Role following the same process: Under Actions –> Instance Settings –> Attach/Replace IAM Role , Select the Role and Apply.

This method should work.


We have learnt how to create an IAM Role , and attach or replace an IAM Role from the Existing EC2 Instance.

Hope this article helps , Thanks for reading this article.

Please do check out my other publications.