Overview
You can use roles to allow resources in your account to connect to other resources.
Permissions in AWS are managed with IAM policies. When you add a user to your account, they will usually have the permissions they need. However, you may need to adjust permissions for resources. You can manage permissions using the IAM service, assigning IAM policies to roles or directly to resources. Because we use single sign-on, you will not be able to create users and groups in your account.
Roles are usually used to give resources, such as EC2 instances, the ability to connect to other resources, such as an S3 bucket. By default, resources in AWS cannot communicate with each other. Another use case is allowing an application running on an EC2 instance to access an API gateway in AWS.
Here are some helpful tutorials from AWS on creating and managing roles.