User guide

Note
Policies can also be represented in JSON format. Here is a policy that provides read ("Get" and
"List") access to Amazon S3.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    }
  ]
}
This is the policy that provides a trust relationship with EC2, allowing your instance to assume
the IAM role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Remember the name of the IAM role that you create. You'll need to provide it when you create your EC2
instance in the next step.
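The following check is an added example, not part of the original guide or the AWS SDK. It reviews the two policy documents above for statements that apply to every resource and for unexpected trust principals, then narrows the S3 policy to a single bucket. The function names and the bucket name example-bucket are assumptions made for illustration.

```python
import copy

# The two policy documents from the guide, embedded so the check runs offline.
PERMISSIONS_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "", "Effect": "Allow",
     "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}

def as_list(value):
    """IAM accepts a single value or a list in these fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def review_permissions(policy):
    """Report Allow statements whose Resource covers everything."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Resource")):
            actions = ", ".join(as_list(stmt.get("Action")))
            findings.append(f"statement {i}: {actions} allowed on every resource")
    return findings

def review_trust(policy, expected_service="ec2.amazonaws.com"):
    """Report any principal other than the one service expected to assume the role."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"*": "*"}
        for kind, values in principal.items():
            for value in as_list(values):
                if (kind, value) != ("Service", expected_service):
                    findings.append(f"statement {i}: unexpected principal {kind}={value}")
    return findings

def scope_to_bucket(policy, bucket):
    """Return a copy with wildcard Resources narrowed to one bucket and its objects."""
    scoped = copy.deepcopy(policy)
    for stmt in as_list(scoped.get("Statement")):
        if "*" in as_list(stmt.get("Resource")):
            stmt["Resource"] = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return scoped

if __name__ == "__main__":
    print(review_permissions(PERMISSIONS_POLICY), review_trust(TRUST_POLICY))
    print(scope_to_bucket(PERMISSIONS_POLICY, "example-bucket"))  # hypothetical bucket
```

Once the policy is scoped to one bucket, actions that are not bucket-specific, such as s3:ListAllMyBuckets, are no longer granted by it.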
Launch an EC2 Instance with an Instance Profile
To create an EC2 instance, follow the procedure Running an Instance in the Amazon Elastic Compute
Cloud User Guide. We recommend that you specify a recent Amazon Linux AMI for your EC2 instance.
When you create the EC2 instance, specify the IAM role that you created previously in the IAM console.
This role can be used by your application through the Instance Metadata Service (IMDS).
When you create your EC2 instance, you also need to specify a key pair and a security group. Make sure
to use a key pair for which you have the private key (PEM file) stored on your local computer. Specify a
security group that enables you to connect to your EC2 instance using SSH (port 22).
Note
Information about key pairs and security groups is provided in Running an Instance in the Amazon
Elastic Compute Cloud User Guide.
After you create the EC2 instance, go to the EC2 Instances area of the AWS Management Console and
view your instance. Once the instance is Running, record the public DNS name for the instance. You
will use this DNS name to connect to the instance with SSH.
Version v1.0.0
AWS SDK for Java Developer Guide
Using IAM Roles for EC2 Instances