Create an AWS IAM Role

Caution: This version of the AWS pre-authorized scanner has been removed and is no longer available to new customers.

  1. Navigate to and log in.

  2. In the top menu bar, click Services.

    Note: Amazon is continually updating their service, so screenshots may differ from the AWS interface you see.

  3. In the Security, Identity, and Compliance section, click IAM.

  4. In the left-hand menu, click Roles.

  5. Click Create Role.

  6. In the Select Type of Trusted Entity section, select AWS Service.

  7. In the Choose the service that will use this role section, click EC2.

    Note: EC2 assets must be activated for your AWS license in order to scan them. If you are going to use the Pre-authorized scanner in AWS, you are required to activate your assets.

    Note: The AWS acceptable scanning policy prevents scanning the m1.small, t1.micro or t2.nano instances.

  8. In the Select your use case section, click EC2.
  9. Click Next: Permissions.
  10. Select the AmazonEC2ReadOnlyAccess check box.

  11. In the Set Permissions Boundary section, ensure the Create role without a permissions boundary radio button is selected.
  12. Click Next: Review.
  13. In the Role Name field, enter a descriptive name for the role.

    Note: The role name cannot be edited once it is created.

  14. Once you have reviewed the the IAM information, click Create Role.

    The newly created IAM role appears in the role list.