Launch & Maintain > Pre-Launch Checklists > IAM Roles and Users > Creating IAM Policies for Non-Administrator Users and Groups

Creating IAM Policies for Non-Administrator Users and Groups

For AWS Marketplace and GovCloud only, you will need to create an IAM policy to grant authorization to launch a Q-Cloud Protect EC2 instance for non-administrator users or groups.

This authorization, which is assigned through the PassRole permission, allows the user or group to assign the required IAM role to the instance during launch, even if the role has more permissions than the user or group.

Additional Resources

Steps to Assign PassRole Permissions

To assign the PassRole permission to users or groups, do the following:

  1. Create an IAM role to grant the EC2 instance permission to manage S3 objects and EBS snapshots. See Creating an IAM Role for Instances.
  2. Create an IAM policy with the PassRole permission.
  3. Assign the IAM policy to the appropriate user or group.

See Also IconSee Also