The EC2 instance will get an artifact from an S3 bucket and communicate with CodeDeploy. Additionally, the CodeDeploy agent will be maintained by SSM.
For these, make another IAM role for EC2.
Create the IAM role in the management console.
In step 1 of Create role, select AWS service as the trusted entity type.
Select EC2 as the use case.
I added 3 managed policies: AmazonS3FullAccess, AWSCodeDeployFullAccess, and AmazonSSMFullAccess.
Full access here may not be necessary, but for brevity I chose those.
Then attach the role to the instance: EC2 - Select instances - Actions - Security - Modify IAM role
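
A narrower alternative to the S3 full-access attachment, as an added example that is not part of the original page: it builds the trust policy that the "AWS service / EC2" selection corresponds to, a read-only policy for one artifact bucket, and a check that reports wildcard grants in a policy document. The bucket name `my-artifact-bucket`, the function names, and `BROAD_EXAMPLE` are assumptions made for illustration.

```python
def ec2_trust_policy():
    # Equivalent of "trusted entity type: AWS service, use case: EC2".
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }

def artifact_read_policy(bucket, prefix=""):
    # Read-only access to a single artifact bucket instead of all of S3.
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadArtifacts", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:GetObjectVersion"],
             "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"},
            {"Sid": "ListArtifactBucket", "Effect": "Allow",
             "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def overbroad_grants(policy):
    # Report Allow statements granting every action of a service or every resource.
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        label = stmt.get("Sid", f"statement[{i}]")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append((label, "action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((label, "resource", resource))
    return findings

# Constructed stand-in for a full-access style grant (not the text of an AWS managed policy).
BROAD_EXAMPLE = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    scoped = artifact_read_policy("my-artifact-bucket")  # assumed bucket name
    print(overbroad_grants(BROAD_EXAMPLE), overbroad_grants(scoped))
```

The scoped document can be pasted into the console's JSON policy editor as a customer managed policy and attached to the role in place of AmazonS3FullAccess.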