IAM Roles With Custom Policies

How to create and attach a custom policy to an IAM role

In this demo, we will create IAM roles with custom policies for Amazon Elastic MapReduce (EMR).

Prerequisites

Before creating the roles, we will need three files: EMRServerlessS3AndGlueAccessPolicy.txt, emr_notebook_role.json and EMRServerlessTrustpolicy.txt, which can be downloaded here.

Step 1

To create an IAM role, navigate to the AWS Management Console and enter IAM in the search bar. Then, choose IAM from the provided search results.

From the IAM dashboard, in the left navigation pane, choose Roles.

Create EMR Notebook Role

Choose custom policy and create the IAM role for the EMR notebook by pasting the contents of emr_notebook_role.json.

Step 2

Click Next, then attach the AmazonElasticMapReduceEditorsRole and AmazonS3FullAccess permissions.

Click Next, enter EMR-notebook-role as the role name, and create the role.

Step 3

Next, create another role: choose Create policy from the left pane.

From the Create policy screen, choose the tab labeled JSON.

Then, copy and paste the contents of EMRServerlessS3AndGlueAccessPolicy.txt into the JSON tab. After this is complete, choose the Next Tags button.

From the Create policy screen, choose Next Review. Note that in this tutorial you will not create a tag.

Step 4

Now, on the Review policy page, enter the name for the policy, such as EMRServerlessS3AndGlueAccess, and then choose Create policy.

Next, from the left navigation pane, choose Roles. Then, choose Create role.

Step 5

From the Select trusted entity page, select Custom trust policy.

To complete this step, copy the content of EMRServerlessTrustpolicy.txt and use it to replace the default policy. When complete, choose Next.

Click Next.

Step 6

From the Add permissions screen, use the search bar to find the EMRServerlessS3AndGlueAccess policy that we created earlier. When located, select it, and then choose Next.

Next, provide a Role name; for example, emrserverlessrole.

After the role name has been entered, scroll down, and then choose Create role.

You have successfully created an IAM role and attached a policy to it.
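
The steps above paste downloaded JSON into a trust policy and a permissions policy without inspecting it. The following check is an added example, not part of the original tutorial: it reviews both documents before they go into the console. The sample policies, the bucket name and the emr-serverless.amazonaws.com service principal are assumptions, since the contents of the downloadable files are not shown on this page.

```python
import json

def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def check_trust_policy(doc, expected_service):
    """Findings for a trust policy that should trust exactly one AWS service."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):  # covers "*" and a missing Principal
            findings.append(f"trust[{i}]: principal is {principal!r}, expected a Service principal")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "Service" or value != expected_service:
                    findings.append(f"trust[{i}]: unexpected principal {kind}={value}")
        for action in _as_list(stmt.get("Action")):
            if action != "sts:AssumeRole":
                findings.append(f"trust[{i}]: unexpected action {action}")
    return findings

def check_permission_policy(doc):
    """Findings for Allow statements that grant more than named actions on named resources."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"perm[{i}]: Allow with NotAction/NotResource")
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"perm[{i}]: wildcard action {action}")
        if "*" in _as_list(stmt.get("Resource")):
            findings.append(f"perm[{i}]: Resource is *")
    return findings

# Constructed samples (assumed principal and bucket), not the page's downloadable files.
TRUST = json.loads('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                   '"Principal": {"Service": "emr-serverless.amazonaws.com"}, "Action": "sts:AssumeRole"}]}')
PERMS = json.loads('{"Version": "2012-10-17", "Statement": ['
                   '{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}, '
                   '{"Effect": "Allow", "Action": "glue:*", "Resource": "*"}]}')
if __name__ == "__main__":
    for line in check_trust_policy(TRUST, "emr-serverless.amazonaws.com") + check_permission_policy(PERMS):
        print(line)
```

To check the real files, pass the result of json.load on each downloaded file in place of the samples. The same wildcard test applies to the AmazonS3FullAccess managed policy attached in Step 2, which allows all S3 actions on all resources.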