Manually create IAM Role
Go to the console menu and select IAM.
![](../../__attachments/3171188987/image-20221118-144932.png?inst-v=94760cdf-cea7-4685-96d9-bfe0a1e56c22)
Click on Policies and create a Policy with the following permissions:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2-instance-connect:SendSSHPublicKey",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:osuser": "deltaxml"
}
}
},
{
"Effect": "Allow",
"Action": "ec2:DescribeInstances",
"Resource": "*"
}
]
}
Note: This policy is set for all resources to begin with, once you’ve got everything set up it would be more secure to add a line specifying the AMI directly to restrict the access of the AMI Policy.
"Resource": [
"arn:aws:ec2:region:account-id:instance/%instanceid%"
],
![](../../__attachments/3171188987/image-20221118-161031.png?inst-v=94760cdf-cea7-4685-96d9-bfe0a1e56c22)
Enter the policy directly into the JSON Editor
Name the Policy “DeltaXML-AMI-Policy” and Finish the Creation.
Now click on “Roles” and Select “Create Role”
Select AWS Service and at the bottom of the page choose “EC2” and click Next
![](../../__attachments/3171188987/image-20221118-160515.png?inst-v=94760cdf-cea7-4685-96d9-bfe0a1e56c22)
On the next screen, find the policy created above in the list, and make sure it is checked. Also find AmazonSSMManagedInstanceCore and CloudWatchAgentServerPolicy policies and put a check in them, then click Next
Give the Role a name, we would suggest “DeltaXML-AMI-Role”
![](../../__attachments/3171188987/image-20221118-160414.png?inst-v=94760cdf-cea7-4685-96d9-bfe0a1e56c22)
Click on “Create Role”
Now you can continue to Setup your AWS EC2 Instance (Linux)