IAM Role for S3, RDS, and CloudWatch

The VPC is ready, the S3 bucket is ready, the RDS instance is ready -- but our app doesn't have permission to access these things.

In this part, we're going to set up the IAM role that our application will use. We will need to include permissions to:

  • Read and write objects to the S3 bucket
  • Query the RDS database
  • Write logs to CloudWatch

Role

Step 1:

Navigate to the **IAM** dashboard

Step 2:

Click on **Roles**

Step 3:

Click on **Create role**

Step 4:

For use case, select **EC2**

Then click **Next**

Step 5:

In the permissions section, add the **CloudWatchAgentServerPolicy**

Then click **Next**

We will add permissions for RDS and S3 in a moment. It's just really easy to attach the premade CloudWatchAgentServerPolicy while setting up the role.
