How To Create AWS IAM Roles Using Terraform?
Last Updated :
23 Jul, 2025
Terraform is an Infrastructure as Code (IaC) tool used to provision infrastructure. This guide first explains what Terraform is, then what an IAM Role is and in which scenarios to use one, and then walks through the steps to create an IAM Role for the EC2 service with the CloudWatch and SNS full-access managed policies attached.
What is Terraform ?
Terraform is an Infrastructure as Code tool that uses a declarative configuration language, HashiCorp Configuration Language (HCL), to define and provision infrastructure. Terraform can provision and manage infrastructure across multiple clouds such as AWS, Azure and GCP, which helps organizations adopt a multi-cloud strategy and avoid depending on a single platform. When infrastructure is created by hand in the AWS, Azure or another provider's console, manual errors are likely, and finding and fixing them can take a long time. When the same task is described in Terraform, the configuration is reviewable, repeatable and applied the same way every time, which removes most of that manual error. Overall, Terraform's simplicity, cross-platform support and automation make it an essential tool for keeping infrastructure under control, reliable and scalable.
What is IAM Role ?
An IAM Role is an AWS Identity and Access Management identity with two parts: a trust policy, which defines which AWS accounts, IAM users or AWS services are allowed to assume the role, and one or more permissions policies, which define what the role may do once assumed. IAM roles can be assumed by AWS services such as EC2 and Lambda, and by principals in the same or another AWS account. Whoever assumes the role receives temporary credentials from STS that are limited to the role's permissions and expire automatically.
IAM Role is mainly used in these scenarios :
- To grant permissions to AWS services such as EC2 , Lambda , etc .
- To enable cross account access for sharing resources .
- Temporary permissions for applications and services running on AWS infrastructure .
Hence an IAM Role plays an important part in the security of an AWS environment: it replaces long-term access keys with short-lived credentials, and it lets permissions be scoped to exactly what a workload needs.
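The cross-account scenario in the list above, as an added example that is not part of the original article: a role in this account that a partner account may assume, with an ExternalId condition on the trust policy and permissions limited to a single bucket. The partner account ID 111122223333, the role and policy names, the bucket name and the ExternalId value are placeholders.

```hcl
# Added example, not the article's own code. The partner account ID, role and
# policy names, bucket name and ExternalId value are placeholders.

# Trust policy: a named external account may assume the role, but only when
# it also presents the agreed ExternalId. Without the condition, anyone in a
# third account who learns the role ARN could ask the partner's service to
# assume it on their behalf (the confused-deputy problem).
data "aws_iam_policy_document" "cross_account_trust" {
  statement {
    sid     = "AllowPartnerAccountAssume"
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::111122223333:root"] # partner account (placeholder)
    }
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = ["example-external-id-placeholder"]
    }
  }
}

resource "aws_iam_role" "partner_readonly" {
  name                 = "partner-readonly-role"
  assume_role_policy   = data.aws_iam_policy_document.cross_account_trust.json
  max_session_duration = 3600 # seconds; the temporary credentials expire after one hour
}

# Permissions: only list and read one bucket, nothing else in the account.
data "aws_iam_policy_document" "partner_bucket_read" {
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::example-shared-bucket"]
  }
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-shared-bucket/*"]
  }
}

resource "aws_iam_role_policy" "partner_bucket_read" {
  name   = "partner-bucket-read"
  role   = aws_iam_role.partner_readonly.id
  policy = data.aws_iam_policy_document.partner_bucket_read.json
}

# Share this ARN (and the ExternalId, out of band) with the partner.
output "partner_role_arn" {
  value = aws_iam_role.partner_readonly.arn
}
```

The partner then calls sts:AssumeRole with this role ARN and the ExternalId, and receives credentials that can do nothing beyond reading that one bucket. Using the account root ARN as the principal delegates to the partner account as a whole; the partner still has to grant its own users or roles permission to call sts:AssumeRole on this ARN.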
Pre-requisites
Before moving to the next section, make sure Terraform is installed on your system. If it is not, follow the GeeksforGeeks article Setup Terraform On Linux and Windows Machine to install it.
Steps To Create IAM Role Using Terraform
Step 1 : Declare the provider and the region in which you want to create the AWS resources.
provider.tf
provider "aws" {
  region = "us-east-1"
}

Step 2 : Create an IAM Role for a particular AWS service. Here the role is created for the EC2 service, so its trust policy (assume_role_policy) allows only the service principal ec2.amazonaws.com to call sts:AssumeRole; no user or other account can assume it. Note that an EC2 instance cannot reference a role directly: to use this role on an instance you also need an aws_iam_instance_profile that wraps it.
iam-role.tf
resource "aws_iam_role" "ec2_role_terraform" {
  name = "ec2-role-001"

  # Trust policy: who is allowed to assume this role. Only the EC2 service
  # principal is listed, so only instances can obtain the role's credentials.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}

Step 3 : Attach policies to the IAM Role. Here the AWS managed CloudWatchFullAccess and AmazonSNSFullAccess policies are attached. Both grant every action in those services on every resource, which is far more than a single workload needs, so treat them as a starting point for a demo and replace them with a least-privilege policy before using the role in production.
policies.tf
# aws_iam_role_policy_attachment attaches one managed policy to one role.
# The older aws_iam_policy_attachment resource is exclusive: it detaches the
# same policy from every user, group and role not listed in it, which silently
# breaks other roles that share a managed policy. Prefer the role-scoped form.
resource "aws_iam_role_policy_attachment" "cloudwatch_policy" {
  role       = aws_iam_role.ec2_role_terraform.name
  policy_arn = "arn:aws:iam::aws:policy/CloudWatchFullAccess"
}

resource "aws_iam_role_policy_attachment" "sns_policy" {
  role       = aws_iam_role.ec2_role_terraform.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSNSFullAccess"
}

To attach a different AWS managed policy, put its ARN in policy_arn. You can find it in the IAM console under Policies: select the policy and copy its ARN. Prefer a policy that grants only the actions the workload needs over any policy whose name ends in FullAccess.

Step 4 : Run the following commands one by one in the directory containing the .tf files. Read the output of terraform plan before applying: it lists every resource that will be created, including the exact policies that will be attached to the role.
terraform init
terraform plan
terraform apply

Step 5 : Verify that the IAM Role exists in the AWS console (IAM > Roles > ec2-role-001). Check its Trust relationships tab to confirm that only ec2.amazonaws.com can assume it, and its Permissions tab to confirm that only the intended policies are attached. The same checks can be made with the AWS CLI's get-role and list-attached-role-policies commands.
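Putting Steps 2 to 5 together in a hardened form, as an added example rather than the article's own code: the same EC2 role with a scoped trust policy, a least-privilege policy in place of the two FullAccess policies, the instance profile that EC2 actually needs, and a launch template that requires IMDSv2 so the role's credentials cannot be read through a simple SSRF. The provider block from Step 1 is assumed to exist; the SNS topic name, the log-group prefix /myapp/ and the metric namespace MyApp are placeholders.

```hcl
# Added example, not the article's own code. Assumes the provider block from
# Step 1; topic name, log-group prefix and metric namespace are placeholders.

data "aws_caller_identity" "current" {}

# The only SNS topic the instance may publish to (placeholder name).
resource "aws_sns_topic" "alerts" {
  name = "ec2-alerts-topic"
}

# Trust policy: only the EC2 service may assume the role, and only on behalf
# of instances in this account (aws:SourceAccount is the documented
# confused-deputy guard for service principals).
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_iam_role" "ec2_role" {
  name               = "ec2-role-001"
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

# Least privilege: the few actions the workload needs instead of
# CloudWatchFullAccess and AmazonSNSFullAccess, scoped wherever the API
# supports resource-level permissions.
data "aws_iam_policy_document" "ec2_permissions" {
  statement {
    sid       = "PublishMetrics"
    effect    = "Allow"
    actions   = ["cloudwatch:PutMetricData"]
    resources = ["*"] # PutMetricData has no resource-level ARN; limit by namespace instead
    condition {
      test     = "StringEquals"
      variable = "cloudwatch:namespace"
      values   = ["MyApp"]
    }
  }
  statement {
    sid       = "WriteLogs"
    effect    = "Allow"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["arn:aws:logs:*:${data.aws_caller_identity.current.account_id}:log-group:/myapp/*"]
  }
  statement {
    sid       = "PublishAlerts"
    effect    = "Allow"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.alerts.arn]
  }
}

resource "aws_iam_policy" "ec2_permissions" {
  name   = "ec2-role-001-permissions"
  policy = data.aws_iam_policy_document.ec2_permissions.json
}

# Non-exclusive attachment: unlike aws_iam_policy_attachment it never
# detaches the policy from other roles, users or groups.
resource "aws_iam_role_policy_attachment" "ec2_permissions" {
  role       = aws_iam_role.ec2_role.name
  policy_arn = aws_iam_policy.ec2_permissions.arn
}

# EC2 references a role only through an instance profile.
resource "aws_iam_instance_profile" "ec2_profile" {
  name = "ec2-role-001-profile"
  role = aws_iam_role.ec2_role.name
}

# Require IMDSv2 (session tokens) so an SSRF bug in the application cannot
# fetch the role's credentials with one unauthenticated GET to 169.254.169.254.
resource "aws_launch_template" "app" {
  name_prefix = "app-"
  iam_instance_profile {
    name = aws_iam_instance_profile.ec2_profile.name
  }
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }
}

output "instance_profile_name" {
  value = aws_iam_instance_profile.ec2_profile.name
}
```

After terraform apply, the plan output and the role's Permissions tab should show a single customer managed policy with three statements instead of two FullAccess policies, and any instance launched from the template will refuse IMDSv1 requests for /latest/meta-data/iam/security-credentials/. The hop limit of 1 additionally stops containers on the instance from reaching the metadata service through the host's network namespace.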

Conclusion
In this article we first looked at Terraform and then at what an AWS IAM Role is. We then followed the steps to create an IAM Role for the EC2 service with the AmazonSNSFullAccess and CloudWatchFullAccess policies attached, and finally verified in the AWS console that the role, its trust policy and its attached policies are what we intended.