Let's learn how to create a custom IAM role and assign it to an EC2 instance.
A role is a replacement for credentials such as access keys.
In simple terms, a role has two ends, a source and a destination: the source is the EC2 instance and the destination is the permission policy attached to the role, for example AmazonS3FullAccess or AmazonEC2FullAccess.
Generally, roles are assigned to EC2 instances.
How to attach a role to an EC2 instance?
We can attach it in step 3 while creating the EC2 instance
OR
For existing EC2 instances: select the EC2 machine - Actions - Modify IAM Role - select the custom role.
NOTE:
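If the role assigned carries AmazonS3FullAccess, only S3 actions, such as creating an S3 bucket, are possible from the EC2 terminal.
If the role assigned carries IAMFullAccess, we can create anything related to IAM from the EC2 terminal.
We don't need to configure any credentials on the instance.
We can start using all AWS CLI commands from the terminal based on the role assigned.
Every user and process on the instance can use the role, so attach only the policies the instance needs.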
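The console steps above, done with the AWS CLI, as an added example that is not part of the original page. The role name my-ec2-s3-role and the instance ID are placeholders; the --apply part runs from a machine that already has IAM permissions, and the --verify part runs on the instance and fails if the CLI is using stored access keys instead of the role.

```shell
#!/bin/sh
# Added example. ROLE and the instance ID are placeholders, not from the page.
ROLE="my-ec2-s3-role"
POLICY_ARN="arn:aws:iam::aws:policy/AmazonS3FullAccess"  # policy named on the page

# Trust policy, the "source" end of the role: only the EC2 service may assume it.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"Service": "ec2.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]
}
EOF
}

# Takes the Arn printed by `aws sts get-caller-identity`. Prints the role name
# when the credentials come from an assumed role; returns 1 for an IAM user or
# root ARN, which means stored access keys are in use instead of the role.
role_from_arn() {
  case "$1" in
    arn:*:sts::*:assumed-role/*/*)
      rest=${1#*:assumed-role/}
      printf '%s\n' "${rest%%/*}" ;;
    *) return 1 ;;
  esac
}

# Usage: sh role.sh --apply i-0123456789abcdef0   (placeholder instance ID)
if [ "${1:-}" = "--apply" ]; then
  set -e
  aws iam create-role --role-name "$ROLE" \
      --assume-role-policy-document "$(trust_policy)"
  aws iam attach-role-policy --role-name "$ROLE" --policy-arn "$POLICY_ARN"
  aws iam create-instance-profile --instance-profile-name "$ROLE"
  aws iam add-role-to-instance-profile \
      --instance-profile-name "$ROLE" --role-name "$ROLE"
  # IAM changes take a few seconds to propagate; retry this step if it fails.
  aws ec2 associate-iam-instance-profile --instance-id "$2" \
      --iam-instance-profile "Name=$ROLE"
fi

# Usage on the instance: sh role.sh --verify
if [ "${1:-}" = "--verify" ]; then
  arn=$(aws sts get-caller-identity --query Arn --output text)
  role_from_arn "$arn" || { echo "not using a role: $arn" >&2; exit 1; }
fi
```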
Connect to the EC2 instance via PuTTY
Execute AWS CLI commands as per the given role
Below are a few examples:
===================
From the CLI, how to list all the buckets that were already created?
aws s3 ls (with no arguments this lists buckets; with s3://mybucket it lists the objects in that bucket)
Every command starts with aws followed by the service name.
How to create a bucket via CLI?
aws s3 mb s3://mybucket
How to upload an object into a bucket via CLI?
aws s3 cp test.txt s3://mybucket/test.txt
How to create an IAM user via CLI?
aws iam create-user --user-name john
How to create an IAM group via CLI?
aws iam create-group --group-name mygroup
AWS CLI Command Reference -
https://docs.aws.amazon.com/cli/latest/reference/