Identity and Access Management for EC2 Image Builder


How you use AWS Identity and Access Management (IAM) differs, depending on the work that you do in EC2 Image Builder.

Service user – If you use the EC2 Image Builder service to do your job, then your administrator provides you with the credentials and permissions that you need. As you use more EC2 Image Builder features to do your work, you might need additional permissions. Understanding how access is managed can help you request the right permissions from your administrator. If you cannot access a feature in EC2 Image Builder, see Troubleshooting EC2 Image Builder identity and access.

Service administrator – If you're in charge of EC2 Image Builder resources at your company, you probably have full access to EC2 Image Builder. It's your job to determine which EC2 Image Builder features and resources your employees should access. You must then submit requests to your IAM administrator to change the permissions of your service users. Review the information on this page to understand the basic concepts of IAM. To learn more about how your company can use IAM with EC2 Image Builder, see How EC2 Image Builder works with IAM.

IAM administrator – If you're an IAM administrator, you might want to learn details about how you can write policies to manage access to EC2 Image Builder. To view example EC2 Image Builder identity-based policies that you can use in IAM, see EC2 Image Builder identity-based policy examples.

Authenticating with identities

For detailed information about how to provide authentication for people and processes in your AWS account, see Identities in the IAM User Guide.

Managing access using policies

For detailed information about how to manage access in AWS by creating policies and attaching them to IAM identities or AWS resources, see Policies and Permissions in the IAM User Guide.

The IAM role that you associate with your instance profile must have permissions to run the build and test components included in your image. The following IAM role policies must be attached to the IAM role that is associated with the instance profile: EC2InstanceProfileForImageBuilder and AmazonSSMManagedInstanceCore.
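
The following added example (not part of the AWS documentation) checks a role's attached policies for the two required policies. It assumes input in the shape returned by `aws iam list-attached-role-policies`; the sample response, the account ID, and the function name are constructed for illustration. It matches on the policy ARN rather than the policy name, so a customer managed policy that reuses a required name is reported separately instead of being accepted.

```python
import json
import re

# Policies the page requires on the role associated with the instance profile.
REQUIRED = ("EC2InstanceProfileForImageBuilder", "AmazonSSMManagedInstanceCore")

# AWS managed policy ARNs carry "aws" in the account field; customer managed
# policies carry a 12-digit account ID there instead.
_AWS_MANAGED = re.compile(r"^arn:aws[a-z-]*:iam::aws:policy/([^/]+)$")


def audit_attached_policies(response):
    """Audit a list-attached-role-policies response (hypothetical helper).

    missing    - required policies not attached as AWS managed policies
    lookalikes - customer managed policies that reuse a required name
    extra      - every other attached policy ARN, for least-privilege review
    """
    found, lookalikes, extra = set(), [], []
    for policy in response.get("AttachedPolicies", []):
        arn = policy.get("PolicyArn", "")
        match = _AWS_MANAGED.match(arn)
        if match and match.group(1) in REQUIRED:
            found.add(match.group(1))
        elif arn.rsplit("/", 1)[-1] in REQUIRED:
            lookalikes.append(arn)
        else:
            extra.append(arn)
    missing = [name for name in REQUIRED if name not in found]
    return {"missing": missing, "lookalikes": lookalikes, "extra": extra}


# Constructed sample response; 123456789012 is a placeholder account ID.
SAMPLE = json.loads("""
{"AttachedPolicies": [
  {"PolicyName": "EC2InstanceProfileForImageBuilder",
   "PolicyArn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder"},
  {"PolicyName": "AmazonSSMManagedInstanceCore",
   "PolicyArn": "arn:aws:iam::123456789012:policy/AmazonSSMManagedInstanceCore"},
  {"PolicyName": "AdministratorAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}
]}
""")

if __name__ == "__main__":
    print(json.dumps(audit_attached_policies(SAMPLE), indent=2))
```

An empty `missing` list with empty `lookalikes` means both required policies are attached; anything in `extra` is a permission beyond what this page requires and is worth reviewing.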