1. go to search for the IAM dashboard
2. Click on Policies in the left-hand navigation pane.
3. Click on the Create policy button.
4. Choose either the JSON & Visual editor tab depending on your preference for creating the policy
5. Create a policy using either the JSON code editor or the visual editor.
6. Give your policy a name and description.
7. Click on the Create Policy button to save your policy
Here’s an example of a simple IAM policy created using the visual editor:
(IAM service) policy
1. Click on the “Visual Editor” tab.
2. Click on “Create Policy”.
3. Select services, actions, and resources.
4. Choose whether to grant or deny permissions.
5. Create your policy using either the JSON code editor or the visual editor.
6. Define your policy by adding the required statements. Each statement must include an action, resource, and effect. The effect must be set to “Deny” to explicitly deny access to the specified resources.
7. Review the policy summary.
8. Provide a name and a description.
9. Click on the “Create policy” button.
Once you’ve created your policy, you can attach it to one or more IAM users, groups, or roles to grant or restrict their access to AWS resources.
IAM (serves) Roles
1. Navigate to the IAM dashboard.
2. Click on “Roles” from the left-hand menu.
3. Click on the “Create role” button.
4. Choose the type of trusted entity for your role: an AWS service, another AWS account, or a web identity provider.
5. Choose the use case that best fits your scenario, such as EC2 or Lambda.
6. Select the policies that define the permissions for your role. You can choose from existing policies or create a custom one.
7. Give your role a name and description.
8. Review your role and click “Create role” to save it.
After creating your role, you can assign it to an IAM user or group to permit them to access AWS resources. For example, you can assign the role to an EC2 instance to permit it to access other AWS resources. Be sure to test your role to ensure it provides the intended level of access.
Lambda function
1. Navigate to the Lambda dashboard.
2. Click on the “Create function” button.
3. Choose the type of function you want to create. You can create a function from scratch, a blueprint, or a serverless application repository.
4. Give your function a name and description.
5. Choose a runtime for your function, such as Python, Node.js, or Java.
6. Configure the function’s execution role, which determines the permissions that the function has to access AWS resources.
7. Write your function code or upload a ZIP file containing your code.
8. Configure your function’s triggers, which determine when the function is executed. As triggers, you can use AWS services such as S3, API Gateway, or CloudWatch Events.
9. Set up your function’s environment variables and any additional settings, such as memory and timeout settings.
10. Click “Create function” to save your Lambda function.
After creating your Lambda function, you can test it by invoking it manually or setting up a trigger to invoke it automatically. You can also monitor your function’s performance and troubleshoot any errors using the AWS Lambda console.
CloudWatch
1. Navigate to the CloudWatch dashboard.
2. Click on “Events” from the left-hand menu.
3. Click on the “Create rule” button.
4. Choose the “Schedule” option under “Event Source”.
5. Configure the croon expression for when you want the EC2 instance to start. For example, if you want it to start every day at 7 pm, you would use the expression 30 13 * * ? *.
6. Choose the EC2 instance as the target for the event rule.
7. Configure the specific action that you want to perform on the EC2 instance, which in this case is to start it.
8. Give your rule a name and description.
9. Click “Create rule” to save your CloudWatch event rule.
After creating your CloudWatch event rule, it will trigger at the scheduled times and start the specified EC2 instance. Be sure to test your rule to ensure it is working as expected.
