Thursday, January 30, 2014

Using AWS Role Credentials, Part II

This entry documents the creation of the IAM role that supports dynamic credentials in EC2. From the AWS Console, select the IAM application | Roles, then create a role as follows. The role type matters: it must be an "Amazon EC2" role, which gives it a trust relationship with the EC2 service so that an instance can assume it and obtain temporary credentials.

 
 

The highlighted portion can be redone in order to limit access to an individual bucket. Buckets are referenced by an ARN. You would think that "arn:aws:s3:::SPARETIMENOTEBOOK/*" would be sufficient, but as it turns out, it is not. That pattern only matches the objects inside the bucket, so object-level actions such as s3:GetObject and s3:PutObject work, but bucket-level actions such as s3:ListBucket and s3:GetBucketLocation are evaluated against the bucket's own ARN, "arn:aws:s3:::SPARETIMENOTEBOOK", which "SPARETIMENOTEBOOK/*" does not match. The "Resource" section therefore has to list both the bucket ARN and the bucket ARN with "/*" appended. This is documented elsewhere, but the best description I found was here. The modified "Resource" section of the policy is shown below.
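The following is an added example and not code from the original post. It builds the EC2 trust policy and the bucket-scoped permissions policy as Python dictionaries, then runs a deliberately simplified IAM-style evaluator over them to show why the "/*" resource alone fails for s3:ListBucket while succeeding for s3:GetObject. The action list, the role and instance-profile names, and the evaluator itself are assumptions for illustration; the evaluator implements only wildcard matching on Action and Resource with explicit Deny winning, not conditions or other IAM features. The create_role_with_profile function uses the real boto3 IAM client calls (create_role, put_role_policy, create_instance_profile, add_role_to_instance_profile) and is only invoked when the file is run directly with credentials available.

```python
"""Added example: S3 bucket-scoped IAM role policy and a minimal evaluator."""
import fnmatch
import json

BUCKET = "SPARETIMENOTEBOOK"            # bucket named in the post
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"   # matches bucket-level actions (ListBucket)
OBJECTS_ARN = f"{BUCKET_ARN}/*"         # matches object-level actions (GetObject, ...)

# Trust policy: lets the EC2 service assume the role. This is what the console
# attaches when you pick the "Amazon EC2" role type.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# Assumed action list for a "read/write one bucket" role (not from the post).
S3_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation",
              "s3:GetObject", "s3:PutObject", "s3:DeleteObject"]


def s3_bucket_policy(resources):
    """Permissions policy allowing S3_ACTIONS on the given resource ARNs."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": S3_ACTIONS,
                       "Resource": list(resources)}],
    }


INSUFFICIENT_POLICY = s3_bucket_policy([OBJECTS_ARN])           # "/*" only
CORRECT_POLICY = s3_bucket_policy([BUCKET_ARN, OBJECTS_ARN])    # bucket + objects


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: default deny, explicit Deny wins, otherwise
    allow if any statement's Action and Resource patterns both match.
    IAM's '*' matches any run of characters including '/', which fnmatch also
    does; actions are matched case-insensitively, ARNs case-sensitively."""
    decision = False
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
                   for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r)
                   for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


def compare_policies(object_key="notes/test.txt"):
    """Return {policy_name: {request: allowed}} for the two policies."""
    requests = [("s3:ListBucket", BUCKET_ARN),
                ("s3:GetObject", f"{BUCKET_ARN}/{object_key}"),
                ("s3:GetObject", f"arn:aws:s3:::otherbucket/{object_key}")]
    return {name: {f"{act} {res}": is_allowed(pol, act, res) for act, res in requests}
            for name, pol in (("insufficient", INSUFFICIENT_POLICY),
                              ("correct", CORRECT_POLICY))}


def create_role_with_profile(iam, role_name="SpareTimeNotebookS3", policy=CORRECT_POLICY):
    """Create the role via the API. Unlike the console, the API does not create
    the instance profile for you; without it EC2 cannot launch with the role."""
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(EC2_TRUST_POLICY))
    iam.put_role_policy(RoleName=role_name, PolicyName="S3SingleBucket",
                        PolicyDocument=json.dumps(policy))
    iam.create_instance_profile(InstanceProfileName=role_name)
    iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
    return role_name


if __name__ == "__main__":
    print(json.dumps(CORRECT_POLICY, indent=2))
    for name, results in compare_policies().items():
        for request, allowed in results.items():
            print(f"{name:13} {'ALLOW' if allowed else 'DENY ':5} {request}")
    # import boto3; create_role_with_profile(boto3.client("iam"))  # needs credentials
```

Running the file prints the corrected policy followed by an allow/deny table: with only the "/*" resource, s3:ListBucket on the bucket ARN is denied while s3:GetObject on an object inside it is allowed; with both ARNs listed, both are allowed, and a different bucket stays denied either way.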

 

After creating the role, it will appear in the list and be ready for use. Because it was created through the console as an EC2 role, an instance profile with the same name is created alongside it; that instance profile is what the EC2 launch wizard offers when you choose an IAM role for the instance.


In the next entry, I will launch an EC2 instance using this role and run the test application.
