# IAM Requirements: Role and EC2 instance profile

An **EC2 instance profile** allows an IAM role to be passed to an EC2 instance, granting it access to specified AWS services. For WorkSpaces Manager, this instance profile must include a role with the necessary permissions to access multiple AWS services, as described previously. These services include CloudWatch, Cost Explorer, EC2, EUC, Pricing, and S3, and the role must have custom policies that enable secure data retrieval from these services.

By attaching the role to the EC2 instance profile, WorkSpaces Manager will have the required permissions to perform its operations without needing manual credential management.

{% hint style="warning" %}
If using the [Git Repo for Terraform](https://gitlab.com/nuvens-public/iam-role-terraform) from Nuvens' public site, the **Security Group**, **Policies**, **Role**, and **EC2 Instance Profile** will be created together as part of the automated deployment process.
{% endhint %}

If you are creating the role manually, the custom policies must be created first. Once the policies are in place, follow these steps to create the role:

1. Navigate to **IAM > Roles** in the AWS Management Console.
2. Click on **Create Role**.
3. Select **AWS Service** as the trusted entity.
4. Under **Choose a use case**, select **EC2** and click **Next**.
5. Attach the previously created policies (e.g., **WSMCloudwatchPolicy**, **WSMCostExplorerPolicy**, **WSMEC2Policy**, etc.) to the role.
6. Proceed through the remaining steps and provide a name for the role, such as **WorkSpacesManagerRole**.
7. Complete the role creation process by clicking **Create Role**.

<figure><img src="/files/itUeu8W3yXws0XqdzEp8" alt=""><figcaption></figcaption></figure>
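A check that a manually created role matches the steps above, as an added example that is not part of the Nuvens documentation. It assumes the three dicts have the shape of the JSON returned by `aws iam get-role`, `aws iam list-attached-role-policies` and `aws iam get-instance-profile`; `audit_role` and `sample` are hypothetical names, and the sample data is constructed.

```python
# Policy names taken from the page; its list ends in "etc.", so extend as needed.
EXPECTED_POLICIES = {"WSMCloudwatchPolicy", "WSMCostExplorerPolicy", "WSMEC2Policy"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(role, attached, profile, expected=EXPECTED_POLICIES):
    """Return a list of findings; an empty list means the role matches the steps."""
    findings, ec2_trusted = [], False
    name = role["Role"]["RoleName"]
    for stmt in _as_list(role["Role"]["AssumeRolePolicyDocument"]["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # Principal is either the bare string "*" or a dict of type -> value(s).
        pairs = [("*", "*")] if principal == "*" else [
            (kind, p) for kind, vals in principal.items() for p in _as_list(vals)]
        for kind, p in pairs:
            if (kind, p) == ("Service", "ec2.amazonaws.com"):
                ec2_trusted = True
            else:
                findings.append(f"unexpected trusted principal {kind}:{p}")
    if not ec2_trusted:
        findings.append("ec2.amazonaws.com is not trusted to assume the role")
    have = {p["PolicyName"] for p in attached["AttachedPolicies"]}
    findings += [f"policy not attached: {m}" for m in sorted(expected - have)]
    in_profile = {r["RoleName"] for r in profile["InstanceProfile"]["Roles"]}
    if name not in in_profile:
        findings.append(f"instance profile does not contain role {name}")
    return findings

def sample(principal, policies, profile_roles):
    """Build constructed inputs (not real account output) for one scenario."""
    role = {"Role": {"RoleName": "WorkSpacesManagerRole", "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": principal,
                       "Action": "sts:AssumeRole"}]}}}
    attached = {"AttachedPolicies": [{"PolicyName": n} for n in policies]}
    profile = {"InstanceProfile": {"Roles": [{"RoleName": r} for r in profile_roles]}}
    return role, attached, profile

if __name__ == "__main__":
    good = sample({"Service": "ec2.amazonaws.com"}, sorted(EXPECTED_POLICIES),
                  ["WorkSpacesManagerRole"])
    bad = sample({"Service": "ec2.amazonaws.com", "AWS": "*"}, ["WSMEC2Policy"], [])
    for label, data in (("good", good), ("bad", bad)):
        print(label, audit_role(*data))
```

The console creates an instance profile with the same name as the role when the EC2 use case is selected. A role created through the CLI or API needs the profile created and the role added to it separately, which is the gap the last check reports.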

