1 00:00:00,210 --> 00:00:02,070 So on the left hand side of IAM, 2 00:00:02,070 --> 00:00:03,460 there are roles 3 00:00:03,460 --> 00:00:04,910 and you may see zero roles. 4 00:00:04,910 --> 00:00:06,000 Right now I have six, 5 00:00:06,000 --> 00:00:07,720 it's because I use a different kind of account. 6 00:00:07,720 --> 00:00:08,850 So don't worry about it. 7 00:00:08,850 --> 00:00:11,420 Okay. It doesn't matter for this hands on, but we have roles 8 00:00:11,420 --> 00:00:15,010 and roles allow entities in the AWS to get credentials 9 00:00:15,010 --> 00:00:18,290 for a short duration and to do whatever they need to do. 10 00:00:18,290 --> 00:00:19,123 So let's go ahead 11 00:00:19,123 --> 00:00:21,610 and create our first role and we'll have the same thing. 12 00:00:21,610 --> 00:00:25,240 So we are going to choose a trusted entity type. 13 00:00:25,240 --> 00:00:27,180 And as we can see, we have different types. 14 00:00:27,180 --> 00:00:29,940 So we can create roles for either services, if you will. 15 00:00:29,940 --> 00:00:32,210 There are also accounts with identities, SAML Federation 16 00:00:32,210 --> 00:00:33,680 custom trust policy. 17 00:00:33,680 --> 00:00:36,130 All of these are out of scope for the exam. 18 00:00:36,130 --> 00:00:37,100 The only thing we need to know 19 00:00:37,100 --> 00:00:38,900 even for the hands on is just 20 00:00:38,900 --> 00:00:43,680 that we can create role for AWS services and amongst them 21 00:00:43,680 --> 00:00:46,300 the two most common use cases is to create a role 22 00:00:46,300 --> 00:00:50,250 for an EC2 instance or for Lambda function. 23 00:00:50,250 --> 00:00:52,110 But as you can see, you go here. 24 00:00:52,110 --> 00:00:54,530 There are lots of AWS services 25 00:00:54,530 --> 00:00:56,290 that can support having roles, okay. 26 00:00:56,290 --> 00:00:59,030 And the roles are everywhere in AWS. 27 00:00:59,030 --> 00:01:00,570 But to keep it simple right now 28 00:01:00,570 --> 00:01:02,230 we are going to create a role, 29 00:01:02,230 --> 00:01:04,800 an IAM role for the EC2 instances. 30 00:01:04,800 --> 00:01:06,670 So let's click on next. 31 00:01:06,670 --> 00:01:10,970 Okay. Next I'm going to have to assign policies 32 00:01:10,970 --> 00:01:12,730 and permissions to that role. 33 00:01:12,730 --> 00:01:14,890 So we will allow that role to do 34 00:01:14,890 --> 00:01:17,530 IAM read only access. 35 00:01:17,530 --> 00:01:20,170 This is going to allow my EC2 instance to read 36 00:01:20,170 --> 00:01:21,920 from IAM. 37 00:01:21,920 --> 00:01:23,160 We click on next? 38 00:01:23,160 --> 00:01:25,490 And then we have to define a role name. 39 00:01:25,490 --> 00:01:27,730 Okay. So you choose whatever you want for role name 40 00:01:27,730 --> 00:01:31,293 for example, I will enter demo role for EC2. 41 00:01:33,470 --> 00:01:35,230 And then we verify that, yes 42 00:01:35,230 --> 00:01:37,610 we did have the IAM read only access 43 00:01:37,610 --> 00:01:38,680 and we create this role. 44 00:01:38,680 --> 00:01:40,980 So the role has now been created. 45 00:01:40,980 --> 00:01:42,302 And if I click on it 46 00:01:42,302 --> 00:01:45,900 we can verify that the permissions are applied correctly, 47 00:01:45,900 --> 00:01:47,780 the IAM read only access. 48 00:01:47,780 --> 00:01:49,610 And we are not going to use this role right now. 49 00:01:49,610 --> 00:01:50,730 We will stop right here. 50 00:01:50,730 --> 00:01:53,110 But when we get to the EC2 section of this course 51 00:01:53,110 --> 00:01:54,490 we will be leveraging this role 52 00:01:54,490 --> 00:01:57,280 allowing the EC2 instance to perform actions 53 00:01:57,280 --> 00:02:00,420 against IAM and read data from IAM okay. 54 00:02:00,420 --> 00:02:01,410 So that's it for this lecture. 55 00:02:01,410 --> 00:02:02,470 I hope you liked it. 56 00:02:02,470 --> 00:02:04,420 And I will see you in the next lecture.