Create IAM Roles

Roles are used to temporarily allow users or services to access resources without sharing long-term security credentials. Permissions are applied to roles so they not attached to any IAM user or group, allowing applications or services (like Euca2ools) to assume a role that allows them to make programmatic requests to Eucalyptus.

Create a role

Add the details of your new role:

  1. Type the name of your new role.
  2. Select the role type from the following options:
    Note: These options apply to all the users associated with this role.
    • EC2 service allows EC2 instances to call other services on your behalf.
    • Cross-account access grants IAM users from another account to access this account. Hover over the (?) icon for more details about choosing this option.


You can also optionally give the role a path that you define to identify which part of the organization it belongs to.

The Advanced section allows you to associate a path for the new role. Organize your roles in a way that makes sense to you, but ultimately, a path is not used to define how the role is applied. For more information, go to IAM Identifiers.

Save Your Work

Click the Create Role button to save your work, or click the Cancel button to cancel the operation.
A subsequent screen appears, allowing you to add access policies for your newly created role. Refer to its context help for details on completing that operation.