- Running EC2 instance without any IAM roles (so you if you connect the instance and try to run AWS commands, it fails)
- IAM role with "IAMReadOnlyAccess" policy
- Attach a role (and if such role doesn't exists, create it) with "IAMReadOnlyAccess" policy to the EC2 instance
- Verify you can run AWS commands in the instance
- Go to EC2 service
- Click on the instance to which you would like to attach the IAM role
- Click on "Actions" -> "Security" -> "Modify IAM Role"
- Choose the IAM role with "IAMReadOnlyAccess" policy and click on "Save"
- Running AWS commands now in the instance should work fine (e.g.
aws iam list-users)