AWS IAM EC2 Instance Role using Terraform

IAM roles are used to grant an application access to AWS services without using permanent credentials.

An IAM role is one of the safer ways to give permissions to your EC2 instances.

We can attach a role to an EC2 instance, which allows us to give that instance permission to use other AWS services, e.g. S3 buckets.


  • Give an EC2 instance access to an S3 bucket


  • Create a file
  • Create an IAM role by copying the content of the link mentioned below
  • assume_role_policy — (Required) The policy that grants an entity permission to assume the role.
  • This creates the IAM role, but we can’t attach the role to an EC2 instance directly; for that we need an EC2 instance profile


  • Create an EC2 instance profile
  • Now if we execute the above code, we have a role and an instance profile, but with no permissions.
  • The next step is to add IAM policies that allow the EC2 instance to perform specific actions, e.g. access to an S3 bucket


  • Adding IAM policies
  • To give full access to an S3 bucket


  • Attach this role to the EC2 instance
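As an added worked example (not the gists from the original post), here is one complete Terraform configuration covering the four steps above: role with its trust policy, instance profile, permissions policy, and the instance that uses the profile. The role, profile and bucket names, the region and the AMI id are placeholders I chose, and the policy is scoped to a single bucket rather than the full S3 access the post grants.

```hcl
# Added example, not the post's own code. Placeholders: region, names, bucket, AMI.
provider "aws" {
  region = "us-east-1" # assumption; pick your region
}

# Trust policy: only the EC2 service may assume this role (this is the
# assume_role_policy the post refers to).
data "aws_iam_policy_document" "ec2_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2_s3" {
  name               = "ec2-s3-role" # assumed name
  assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
}

# A role cannot be attached to an instance on its own; the instance profile
# is the object EC2 actually accepts.
resource "aws_iam_instance_profile" "ec2_s3" {
  name = "ec2-s3-profile" # assumed name
  role = aws_iam_role.ec2_s3.name
}

# Permissions: the post grants full S3 access; this grants only what a
# typical app needs on one bucket (least privilege). EXAMPLE-BUCKET is a placeholder.
data "aws_iam_policy_document" "s3_bucket" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::EXAMPLE-BUCKET"]
  }
  statement {
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["arn:aws:s3:::EXAMPLE-BUCKET/*"]
  }
}

resource "aws_iam_role_policy" "ec2_s3" {
  name   = "ec2-s3-bucket-access"
  role   = aws_iam_role.ec2_s3.id
  policy = data.aws_iam_policy_document.s3_bucket.json
}

# Attach the profile (and therefore the role) to the instance.
resource "aws_instance" "app" {
  ami                  = "ami-PLACEHOLDER" # replace with a real AMI id for your region
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.ec2_s3.name
}
```

Once applied, the instance obtains short-lived credentials for the role from the instance metadata service, so no access keys need to be stored on the host.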

It’s time to execute the code

1: This initializes the Terraform working directory and downloads the plugins for the provider (for example, aws)

2: This lets you see what Terraform will do before it makes the actual changes

3: To actually create the instance, we need to run terraform apply

AWS Community Builder, Ex-Redhat, Author, Blogger, YouTuber, RHCA, RHCDS, RHCE, Docker Certified,4XAWS, CCNA, MCP, Certified Jenkins, Terraform Certified, 1XGCP
