How do I create an AWS IAM instance profile?

In this guide, we will cover how to create an AWS IAM instance profile. An instance profile is how an IAM role is assigned to an EC2 instance, so that applications running on the instance can securely make AWS service requests.

We will use a few key resources to achieve this:

  • aws_iam_role: Defines the IAM role that will allow your EC2 instances to communicate with other AWS services.
  • aws_iam_instance_profile: An instance profile that will associate the IAM role with your EC2 instances.

Here’s the complete program to create an AWS IAM instance profile.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an IAM role
const example = new aws.iam.Role("example", {
    name: "example-role",
    // Trust policy: only the EC2 service may assume this role
    assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Action: "sts:AssumeRole",
            Effect: "Allow",
            Principal: {
                Service: "ec2.amazonaws.com",
            },
        }],
    }),
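    // Permissions granted to the instance; Resource "*" below covers every bucket,
    // so replace it with specific bucket ARNs for least privilege
    inlinePolicies: [{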
        name: "example-policy",
        policy: JSON.stringify({
            Version: "2012-10-17",
            Statement: [{
                Action: ["s3:ListBucket"],
                Effect: "Allow",
                Resource: "*",
            }],
        }),
    }],
});
// Create an IAM instance profile
const exampleProfile = new aws.iam.InstanceProfile("example_profile", {
    name: "example-instance-profile",
    role: example.name,
});
export const instanceProfileName = exampleProfile.name;

Key Points:

  • Defined an IAM role with aws_iam_role and provided an assume role policy for the EC2 service.
  • Added an inline policy to define specific permissions.
  • Created an instance profile with aws_iam_instance_profile and linked it to the previously defined IAM role.
  • Exported the instance profile name for reference.
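
As an added example (not part of the original answer or of Pulumi), the following check can be run over the two policy documents from the program above before they are passed to JSON.stringify. The function names, the finding strings and the bucket name example-app-bucket are assumptions made for illustration.

```typescript
// Added example, not the page's code: names, messages and the bucket ARN are assumptions.
type OneOrMany = string | string[];
interface Statement {
    Effect: "Allow" | "Deny";
    Action: OneOrMany;
    Resource?: OneOrMany;
    Principal?: "*" | { Service?: OneOrMany; AWS?: OneOrMany; Federated?: OneOrMany };
}
interface PolicyDocument { Version: string; Statement: Statement[]; }
const asList = (v?: OneOrMany): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Trust policy of an instance-profile role: only the EC2 service should be able to assume it.
function auditTrustPolicy(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    for (const s of doc.Statement) {
        if (s.Effect !== "Allow" || s.Principal === undefined) continue;
        if (s.Principal === "*") { findings.push("any principal can assume the role"); continue; }
        for (const svc of asList(s.Principal.Service)) {
            if (svc !== "ec2.amazonaws.com") findings.push(`unexpected service principal: ${svc}`);
        }
        for (const p of asList(s.Principal.AWS).concat(asList(s.Principal.Federated))) {
            findings.push(`non-service principal can assume the role: ${p}`);
        }
    }
    return findings;
}

// Permissions policy: flag Allow statements that use wildcard actions or Resource "*".
function auditPermissionPolicy(doc: PolicyDocument): string[] {
    const findings: string[] = [];
    for (const s of doc.Statement) {
        if (s.Effect !== "Allow") continue;
        for (const a of asList(s.Action)) {
            if (a === "*" || a.slice(-2) === ":*") findings.push(`wildcard action: ${a}`);
        }
        if (asList(s.Resource).indexOf("*") !== -1) {
            findings.push(`actions [${asList(s.Action).join(", ")}] allowed on Resource "*"`);
        }
    }
    return findings;
}

// The page's two documents, and a constructed variant scoped to one hypothetical bucket.
const pageTrustPolicy: PolicyDocument = { Version: "2012-10-17", Statement: [
    { Effect: "Allow", Action: "sts:AssumeRole", Principal: { Service: "ec2.amazonaws.com" } }] };
const pageInlinePolicy: PolicyDocument = { Version: "2012-10-17", Statement: [
    { Effect: "Allow", Action: ["s3:ListBucket"], Resource: "*" }] };
const scopedInlinePolicy: PolicyDocument = { Version: "2012-10-17", Statement: [
    { Effect: "Allow", Action: ["s3:ListBucket"], Resource: "arn:aws:s3:::example-app-bucket" }] };
```

The page's trust policy passes cleanly, its inline policy yields one finding for Resource "*", and the bucket-scoped variant yields none.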

Summary

We created an IAM instance profile in AWS by defining an IAM role and associating it with an instance profile. This setup is essential for securely managing permissions for applications running on EC2 instances.
