AWS EC2 Roles

IAM roles grant permissions to a user; EC2 roles grant permissions to an EC2 instance (the instance obtains temporary credentials for the role, so no access keys need to be stored on it).

1.  The following are required before you create an IAM user for your AWS Free Tier account:

    –  An active AWS account with admin-level permissions.

    –  An instance which supports EC2 Instance Connect.

2.  Log on to AWS as an IAM user at URL:  https://signin.aws.amazon.com/

3.  From the Home Console, type EC2 in the search bar, select the star next to EC2 to favourite it, and select EC2.

4.  On the right-hand menu bar, select Instances.

5.  We currently have one EC2 instance built out. Select your instance with a check mark and press the Connect button.

6.  By default you are already on the EC2 Instance Connect tab, which uses the default ec2-user session. Select Connect.

7.  The Instance Connect terminal will start up.

8.  The first thing we will attempt to do is list the IAM users with the command:    aws iam list-users

9.  NOTE:  Currently we are connected inside the EC2 instance, but the command fails because the instance has no permissions to do anything. To resolve this, we will attach a role to the EC2 instance directly.

10.  Open the IAM console and scroll down the left-hand menu bar to Roles.  NOTE:  We already have a role named EC2_ReadOnly_IAM.

11.  Go back to your EC2 instance and click on the Instance ID, then Actions → Security → Modify IAM role.

12.  Select the EC2_ReadOnly_IAM role from the drop-down box and press Update IAM role.

13.  Now relaunch Instance Connect and retry your command. You now have the appropriate permissions to view IAM users.
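The same steps can be scripted with the AWS SDK, which is useful when you want the role's trust policy checked before it is attached. The following is an added example and not part of the original walkthrough: it creates the role from the page (EC2_ReadOnly_IAM) with a trust policy that allows only the EC2 service to assume it, attaches the AWS-managed IAMReadOnlyAccess policy (enough for `aws iam list-users`), wraps the role in an instance profile, and associates the profile with an instance. The function `trust_policy_is_ec2_only` is a hypothetical helper that rejects over-broad trust policies (wildcard or account-wide principals); the instance ID and region are assumptions supplied by the caller, and the `attach_readonly_role` call needs real admin credentials and the boto3 package.

```python
"""Attach a read-only IAM role to an EC2 instance via an instance profile.

Added example; mirrors the console steps (Actions -> Security -> Modify IAM role).
"""
import json

# Trust policy: only the EC2 service principal may assume this role.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# AWS-managed policy granting read-only IAM access (covers `aws iam list-users`).
IAM_READONLY_POLICY_ARN = "arn:aws:iam::aws:policy/IAMReadOnlyAccess"


def trust_policy_is_ec2_only(doc: dict) -> bool:
    """Return True only if every Allow statement lets just ec2.amazonaws.com call sts:AssumeRole.

    Hypothetical check: a wildcard ("*") or account/user principal, an extra service,
    or an action broader than sts:AssumeRole would let something other than the
    instance assume the role, so those documents are rejected.
    """
    for stmt in doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"Service"}:
            return False  # "*" or an AWS/Federated principal
        services = principal["Service"]
        if isinstance(services, str):
            services = [services]
        if any(s != "ec2.amazonaws.com" for s in services):
            return False
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if any(a != "sts:AssumeRole" for a in actions):
            return False
    return True


def attach_readonly_role(instance_id: str, region: str, role_name: str = "EC2_ReadOnly_IAM") -> str:
    """Create role + instance profile if missing and associate it with the instance.

    Returns the EC2 association ID. Requires boto3 and admin credentials.
    """
    import boto3  # imported here so the pure check above works without the SDK
    from botocore.exceptions import ClientError

    if not trust_policy_is_ec2_only(EC2_TRUST_POLICY):
        raise ValueError("trust policy must allow only ec2.amazonaws.com")

    iam = boto3.client("iam")
    ec2 = boto3.client("ec2", region_name=region)

    try:
        iam.create_role(RoleName=role_name,
                        AssumeRolePolicyDocument=json.dumps(EC2_TRUST_POLICY))
    except ClientError as e:
        if e.response["Error"]["Code"] != "EntityAlreadyExists":
            raise
    iam.attach_role_policy(RoleName=role_name, PolicyArn=IAM_READONLY_POLICY_ARN)

    # An instance profile is the container EC2 actually attaches; one role per profile.
    try:
        iam.create_instance_profile(InstanceProfileName=role_name)
    except ClientError as e:
        if e.response["Error"]["Code"] != "EntityAlreadyExists":
            raise
    try:
        iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
    except ClientError as e:
        if e.response["Error"]["Code"] != "LimitExceeded":  # profile already holds a role
            raise

    resp = ec2.associate_iam_instance_profile(
        IamInstanceProfile={"Name": role_name}, InstanceId=instance_id
    )
    return resp["IamInstanceProfileAssociation"]["AssociationId"]


if __name__ == "__main__":
    # Constructed over-broad trust policy, shown only to exercise the check offline.
    wildcard = {"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "sts:AssumeRole"}]}
    print("page policy ec2-only:", trust_policy_is_ec2_only(EC2_TRUST_POLICY))
    print("wildcard policy ec2-only:", trust_policy_is_ec2_only(wildcard))
```

A newly created instance profile can take a few seconds to propagate before `associate_iam_instance_profile` accepts it, so a retry around that call is reasonable in practice. Once the association is in place, `aws iam list-users` from inside the instance succeeds because the CLI picks up the role's temporary credentials from the instance automatically, and those credentials are scoped to exactly what IAMReadOnlyAccess allows.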