AWS IAM Role
Use of external data services in AWS will incur charges on your account. Please make sure to perform the cleanup per the notes at the bottom of the lab.
The following lab focuses on creating an AWS IAM Role in support of Amazon resources in Retool that employ a Role to Assume (ARN). An AWS IAM Role is an identity that you create in AWS with specific permissions but that isn't associated with a specific user or group. Instead, it's designed to be assumed by anyone who needs it and has permission to assume it. Roles are the recommended mechanism to grant permissions to entities you trust, whether they're AWS services, applications, or users from other AWS accounts. They provide temporary security credentials, following the security best practice of least-privilege access.
Requirements
To configure AWS IAM Roles the following is required:
- AWS Account with Administrative user
Steps
AWS IAM Roles provide the path used for scoping permissions to least privilege. As an example, you may want to provide read-only access to an Amazon SQS queue. SQS has many privileges, including sqs:SendMessage, sqs:DeleteMessage, sqs:ChangeMessageVisibility, sqs:PurgeQueue, sqs:CreateQueue, and more. Customers can employ AWS Managed Policies or Inline Policies, for example, to scope the permissions to what they require.
Create an AWS IAM Role for Amazon SQS using AWS Managed Permission Group
- Log in to the AWS Management Console with a user that has administrative privileges to create AWS IAM Roles.
- Select AWS Identity and Access Management (IAM).
- Select Access management > Roles.
- Select Create role > AWS account > Next.
- Under Add permissions, enter SQS. Select AmazonSQSFullAccess for the policy and select Next.
- Under Role details, specify a Role name of RetoolSQSRole and enter a description for the role.
- Select Create role.
- Under search, type RetoolSQSRole so that you can retrieve the Amazon Resource Name (ARN). This is a unique value that is used in Retool or other systems to refer to the Role that you will assume. It will appear something like:
arn:aws:iam::<AWS Account ID>:role/RetoolSQSRole
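The following added example (not part of the original lab) shows the trust policy the console writes when "AWS account" is chosen as the trusted entity, and compares what the AmazonSQSFullAccess managed policy grants against a read-only inline policy scoped to one queue, using a simplified Allow/Deny wildcard evaluator. The account ID, queue ARN, and the assumption that AmazonSQSFullAccess amounts to sqs:* on every resource are constructed for the example; conditions are not evaluated.

```python
import fnmatch
import json

# Constructed placeholder: the AWS account that will assume the role (for example, the one Retool uses).
TRUSTED_ACCOUNT_ID = "123456789012"


def trust_policy(trusted_account_id):
    """Trust policy the console generates for 'AWS account' as trusted entity: allows sts:AssumeRole."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
                           "Action": "sts:AssumeRole"}]}


# Assumption: AmazonSQSFullAccess is equivalent to every SQS action on every resource.
FULL_ACCESS = {"Version": "2012-10-17",
               "Statement": [{"Effect": "Allow", "Action": "sqs:*", "Resource": "*"}]}


def read_only_policy(queue_arn):
    """Constructed inline policy: read-only access to a single queue, the least-privilege alternative."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Action": ["sqs:ReceiveMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl"],
                           "Resource": queue_arn}]}


def allowed_actions(policy, candidates, resource):
    """Simplified IAM evaluation: an action is allowed on `resource` when an Allow statement matches
    both action and resource (IAM-style * wildcards) and no Deny statement does. Conditions are ignored."""
    allowed, denied = set(), set()
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if not any(fnmatch.fnmatchcase(resource, r) for r in resources):
            continue
        for action in candidates:
            if any(fnmatch.fnmatchcase(action, a) for a in actions):
                (allowed if stmt["Effect"] == "Allow" else denied).add(action)
    return allowed - denied


# The SQS privileges named in the lab text, plus the read action a consumer actually needs.
SQS_ACTIONS = ["sqs:ReceiveMessage", "sqs:SendMessage", "sqs:DeleteMessage",
               "sqs:ChangeMessageVisibility", "sqs:PurgeQueue", "sqs:CreateQueue"]

if __name__ == "__main__":
    queue = "arn:aws:sqs:us-east-1:123456789012:retool-queue"  # constructed queue ARN
    print(json.dumps(trust_policy(TRUSTED_ACCOUNT_ID), indent=2))
    print("AmazonSQSFullAccess allows:", sorted(allowed_actions(FULL_ACCESS, SQS_ACTIONS, queue)))
    print("read-only inline allows:  ", sorted(allowed_actions(read_only_policy(queue), SQS_ACTIONS, queue)))
```

Running it shows the managed policy grants destructive actions such as sqs:PurgeQueue and sqs:DeleteMessage that a read-only consumer never needs, which is the gap an inline policy closes.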
Create an AWS IAM Role for Amazon SNS using AWS Managed Permission Group
- Log in to the AWS Management Console with a user that has administrative privileges to create AWS IAM Roles.
- Select AWS Identity and Access Management (IAM).
- Select Access management > Roles.
- Select Create role > AWS account > Next.
- Under Add permissions, enter SNS. Select AmazonSNSFullAccess for the policy and select Next.
- Under Role details, specify a Role name of RetoolSNSRole and enter a description for the role.
- Select Create role.
- Under search, type RetoolSNSRole so that you can retrieve the Amazon Resource Name (ARN). This is a unique value that is used in Retool or other systems to refer to the Role that you will assume. It will appear something like:
arn:aws:iam::<AWS Account ID>:role/RetoolSNSRole