IAM roles must be assigned to instances at launch time. Refer to http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html, specifically "To launch an instance with an IAM role using the console" or "To launch an instance with an IAM role using the AWS CLI".
There are no changes needed in docs other than what's already done in Bug #1462823.
I don't understand why this is closed. The questions are not answered in the docs or here. 2. Can we be more precise in granting privileges? The ec2:* in the example you give may be a problem. If I need to set aws as the cloud provider but all I need is to dynamically assign Elastic Block Storage for persistent volumes, can I change ec2:* to a smaller list of permissions? We still have no indication in the docs as to what permissions are required by the role used -- in instances where the user wants to lock it down.
To clarify, this isn't about launching instances at all, this is about EBS volumes. That's why this bug was forked.
Hello Steven, we are working on getting those done as part of https://bugzilla.redhat.com/show_bug.cgi?id=1452816, which is documenting permissions for all cloud providers.
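An added example, not part of this bug thread or the product documentation: a small check that flags `Allow` statements granting wildcards such as the `ec2:*` raised above, so a role policy can be reviewed before it is attached. The sample policy and the function names are constructed for illustration and do not state which EC2 actions the cloud provider integration actually requires.

```python
import json

# Constructed sample policy for illustration; not taken from the docs.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "Broad", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Sid": "Narrow", "Effect": "Allow",
     "Action": ["ec2:DescribeVolumes", "ec2:AttachVolume"], "Resource": "*"},
    {"Sid": "Inverse", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Sid": "Blocked", "Effect": "Deny", "Action": "ec2:*", "Resource": "*"}
  ]
}
""")


def as_list(value):
    """IAM allows Action/NotAction to be a single string or a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def find_broad_grants(policy):
    """Return (sid, element, value) for each Allow grant that is not an explicit action."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{index}]")
        for action in as_list(stmt.get("Action")):
            if "*" in action or "?" in action:  # IAM wildcard characters
                findings.append((sid, "Action", action))
        # Allow + NotAction grants everything except the listed actions.
        for action in as_list(stmt.get("NotAction")):
            findings.append((sid, "NotAction", action))
    return findings


if __name__ == "__main__":
    for sid, element, value in find_broad_grants(SAMPLE_POLICY):
        print(f"{sid}: {element} {value!r} is broader than an explicit action list")
```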