AWS IAM ROLE PERMISSION

Please follow these steps to create an IAM role with the required permissions to access AWS flowlogs, CloudWatch, and EC2 instances through NFA:

1. Create IAM Role:
   • Go to IAM - Roles - Create Role.
   • Select "AWS service" as the trusted entity.
   • Select "EC2" in the service or use case.
   • Click "Next" multiple times.
   • Provide a role name of your choice.
   • Click "Create."
2. Now Select the created role
   • In permission policies, select "Create inline policy" from the "Add permission" option.
   • Choose the JSON option.
   • Copy the following syntax into the policy editor:
     

     {
     "Version": "2012-10-17",
     "Statement": [
     { "Sid": "VisualEditor0",
     "Effect": "Allow",
     "Action": [
     "ec2:DeleteFlowLogs",
     "logs:CreateLogStream",
     "logs:DescribeLogGroups",
     "ec2:CreateFlowLogs",
     "logs:DescribeLogStreams",
     "ec2:DescribeFlowLogs",
     "ec2:*",
     "logs:CreateLogGroup",
     "logs:PutLogEvents"
     ],
     "Resource": "*"
     }
     ]
     }

   • Click "Next" and save changes.