@li0nel
Last active February 19, 2019 07:22
EC2 Create Role for Docker Compose
# Create an IAM role
aws iam create-role --role-name Laravel-EC2-Role \
--assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
# Add an IAM policy granting access to CloudWatch metrics and logs, plus ec2:DescribeTags and ssm:GetParameter
aws iam put-role-policy --role-name Laravel-EC2-Role --policy-name Laravel-CloudWatch-EC2-Permissions \
--policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["logs:CreateLogStream","cloudwatch:PutMetricData","ec2:DescribeTags","logs:DescribeLogStreams","logs:CreateLogGroup","logs:PutLogEvents","ssm:GetParameter"],"Resource":"*"}]}'
# Add an IAM policy granting access to your S3 bucket (s3:* allows every S3 action on the bucket and its objects)
aws iam put-role-policy --role-name Laravel-EC2-Role --policy-name Laravel-S3-EC2-Permissions \
--policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":["arn:aws:s3:::your-laravel-bucket-name-here", "arn:aws:s3:::your-laravel-bucket-name-here/*"]}]}'
# Create an instance profile from that role
aws iam create-instance-profile --instance-profile-name Laravel-EC2-Instance-Profile
aws iam add-role-to-instance-profile --instance-profile-name Laravel-EC2-Instance-Profile \
--role-name Laravel-EC2-Role
# Necessary if you have multiple profiles configured for your AWS CLI
AWS_ACCESS_KEY_ID=$(aws --profile getlionel configure get aws_access_key_id)
AWS_SECRET_ACCESS_KEY=$(aws --profile getlionel configure get aws_secret_access_key)
# Create your Docker Machine with the extra --amazonec2-iam-instance-profile parameter
docker-machine create -d amazonec2 --amazonec2-access-key "$AWS_ACCESS_KEY_ID" --amazonec2-secret-key "$AWS_SECRET_ACCESS_KEY" \
--amazonec2-instance-type t2.large --amazonec2-region us-east-1 --amazonec2-open-port 80 --amazonec2-open-port 443 \
--amazonec2-iam-instance-profile Laravel-EC2-Instance-Profile laravel
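
An added example, not part of the original gist: a small Python check over the two inline policy documents from the `put-role-policy` commands above that flags wildcard actions and `"Resource":"*"` on actions that could be scoped to an ARN. The function names and the `RESOURCE_STAR_ONLY` set are assumptions of this example; the set lists the two actions in these policies that do not support resource-level permissions.

```python
import json

# Policy documents copied from the put-role-policy commands above.
CLOUDWATCH_POLICY = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["logs:CreateLogStream","cloudwatch:PutMetricData","ec2:DescribeTags","logs:DescribeLogStreams","logs:CreateLogGroup","logs:PutLogEvents","ssm:GetParameter"],"Resource":"*"}]}'
S3_POLICY = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:*","Resource":["arn:aws:s3:::your-laravel-bucket-name-here", "arn:aws:s3:::your-laravel-bucket-name-here/*"]}]}'

# Assumption of this example: actions in these policies that cannot be scoped
# to a resource ARN, so "Resource": "*" is expected for them.
RESOURCE_STAR_ONLY = {"cloudwatch:PutMetricData", "ec2:DescribeTags"}


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def lint_policy(document):
    """Return (statement_index, finding) tuples for over-broad Allow statements."""
    findings = []
    statements = json.loads(document)["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        resources = as_list(stmt.get("Resource", []))
        for action in actions:
            if "*" in action:
                findings.append((index, f"wildcard action {action}"))
        if "*" in resources:
            # Only report actions that could have been limited to an ARN.
            scopable = sorted(a for a in actions
                              if a not in RESOURCE_STAR_ONLY and "*" not in a)
            if scopable:
                findings.append(
                    (index, "Resource * for scopable actions: " + ", ".join(scopable)))
    return findings


if __name__ == "__main__":
    for name, doc in (("CloudWatch", CLOUDWATCH_POLICY), ("S3", S3_POLICY)):
        for index, finding in lint_policy(doc):
            print(f"{name} statement {index}: {finding}")
```
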