Additional information about users and roles
In order to run Tools for PowerShell commands on AWS, you need to have some combination of users, permission sets, and service roles that are appropriate for your tasks.
The specific users, permission sets, and service roles that you create, and the way in which you use them, will depend on your requirements. The following is some additional information about why they might be used and how to create them.
Users and permission sets
Although it's possible to use an IAM user account with long-term credentials to access AWS services, this is no longer a best practice and should be avoided. Even during development, it is a best practice to create users and permission sets in AWS IAM Identity Center and use temporary credentials provided by an identity source.
For development, you can use the user that you created or were given in Configure tool authentication. If you have appropriate AWS Management Console permissions, you can also create different permission sets with least privilege for that user or create new users specifically for development projects, providing permission sets with least privilege. The course of action you choose, if any, depends on your circumstances.
For more information about these users and permission sets and how to create them, see Authentication and access in the AWS SDKs and Tools Reference Guide and Getting started in the AWS IAM Identity Center User Guide.
Service roles
You can set up an AWS service role to access AWS services on behalf of users. This type of access is appropriate if multiple people will be running your application remotely; for example, on an Amazon EC2 instance that you have created for this purpose.
The process for creating a service role varies depending on the situation, but is essentially the following.
1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
2. Choose Roles, and then choose Create role.
3. Choose AWS service, find and select EC2 (for example), and then choose the EC2 use case (for example).
4. Choose Next and select the appropriate policies for the AWS services that your application will use.
   Warning
   Do NOT choose the AdministratorAccess policy because that policy enables read and write permissions to almost everything in your account.
5. Choose Next. Enter a Role name, Description, and any tags you want.
   You can find information about tags in Controlling access using AWS resource tags in the IAM User Guide.
6. Choose Create role.
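The same role can be created from Tools for PowerShell. The following is an added example, not part of the original guide: the function name New-Ec2ServiceRole, the role name, and the choice of the AmazonS3ReadOnlyAccess managed policy are assumptions made for illustration. It requires the AWS.Tools.IdentityManagement module and credentials that are allowed to create IAM roles.

```powershell
# Added example: scripted equivalent of the console steps above.
Import-Module AWS.Tools.IdentityManagement

function New-Ec2ServiceRole {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $RoleName,
        [Parameter(Mandatory)] [string[]] $PolicyArn,
        [string] $Description = 'Service role for an EC2-hosted application'
    )

    # Enforce the warning above before anything is created.
    if ($PolicyArn -contains 'arn:aws:iam::aws:policy/AdministratorAccess') {
        throw 'AdministratorAccess must not be attached to a service role.'
    }

    # Trust policy: only the EC2 service may assume this role.
    # -Depth is needed because the default depth (2) would flatten Principal.
    $trust = @{
        Version   = '2012-10-17'
        Statement = @(@{
            Effect    = 'Allow'
            Principal = @{ Service = 'ec2.amazonaws.com' }
            Action    = 'sts:AssumeRole'
        })
    } | ConvertTo-Json -Depth 5

    $role = New-IAMRole -RoleName $RoleName -Description $Description `
                        -AssumeRolePolicyDocument $trust

    # Attach only the managed policies the application needs.
    foreach ($arn in $PolicyArn) {
        Register-IAMRolePolicy -RoleName $RoleName -PolicyArn $arn
    }

    # The console creates an instance profile for an EC2 role automatically;
    # through the API it has to be created and linked explicitly.
    New-IAMInstanceProfile -InstanceProfileName $RoleName | Out-Null
    Add-IAMRoleToInstanceProfile -InstanceProfileName $RoleName -RoleName $RoleName

    return $role
}

# Constructed sample values: a read-only S3 role for an application on EC2.
New-Ec2ServiceRole -RoleName 'example-app-ec2-role' `
                   -PolicyArn 'arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess'
```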
You can find high-level information about IAM roles in IAM Identities (users, user groups, and roles) in the IAM User Guide. Find detailed information about roles in the IAM roles topic.