Create Role

Create a role for EC2 administrators, and attach the managed policies previously created.

  1. Sign in to the AWS Management Console as an IAM user with MFA enabled that can assume roles in your AWS account, and open the IAM console at https://console.aws.amazon.com/iam/.
  2. In the navigation pane, click Roles and then click Create role.
  3. Click Another AWS account, enter the account ID of the account you are using now, tick Require MFA, and then click Next: Permissions. We enforce MFA here as it is a best practice.
  4. In the search field, start typing ec2- and then check the box next to each of the policies you just created: ec2-create-tags, ec2-create-tags-existing, ec2-list-read, ec2-manage-instances, ec2-run-instances. Then click Next: Tags.
  5. For this lab we will not use IAM tags, so click Next: Review.
  6. Enter ec2-admin-team-alpha for the Role name and click Create role.
  7. Check the role you have created by clicking ec2-admin-team-alpha in the list. Record both the Role ARN and the link to the console.
  8. The role is now created and ready to test!
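
As an added example (not part of the original lab), the Python below builds the trust policy shape that ticking Require MFA produces and audits any role trust policy for sts:AssumeRole grants that do not enforce MFA. The function names and the account ID you pass in are assumptions; the check also handles the `BoolIfExists` variant, which does not enforce MFA in an Allow statement.

```python
# Added example, not part of the lab: audit a role trust policy for MFA.
# Assumes the trust policy JSON has been exported from the role.
import json

MFA_KEY = "aws:multifactorauthpresent"  # condition keys are case-insensitive


def build_trust_policy(account_id):
    """Trust policy for 'Another AWS account' with 'Require MFA' ticked."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement):
    # Only the plain Bool operator enforces MFA in an Allow statement.
    # BoolIfExists also matches when the key is absent (for example
    # long-term access keys), so it is deliberately not accepted here.
    for op, keys in statement.get("Condition", {}).items():
        if op != "Bool":
            continue
        for key, value in keys.items():
            vals = _as_list(value)
            if key.lower() == MFA_KEY and vals and all(str(v).lower() == "true" for v in vals):
                return True
    return False


def statements_missing_mfa(policy):
    """Return Allow statements that grant sts:AssumeRole without MFA."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        grants = any(a in ("sts:assumerole", "sts:*", "*") for a in actions)
        if stmt.get("Effect") == "Allow" and grants and not _requires_mfa(stmt):
            findings.append(stmt)
    return findings
```

An empty result for the trust policy of ec2-admin-team-alpha means every statement that allows the role to be assumed carries the MFA condition.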