Now we're going to create two roles. These roles will correspond to the groups we defined in Active Directory:
- AWSPowerUser: CanAssumePowerUser
- AWSReadOnly: CanAssumeReadOnly
- Start by creating the CanAssumePowerUser role:
- This role must be an AWS Directory Service role, so select that role type before proceeding:
- Attach the AllowAssumeRole policy we have already created to this role:
Hint: You can filter the roles using the search box to make finding them easier.
- Click Create Role to confirm:
- Now go ahead and do exactly the same for the CanAssumeReadOnly role. Again, attach the AllowAssumeRole policy we created earlier:
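The same two roles created with the AWS CLI instead of the console, as an added example that is not part of the original tutorial: it shows the trust policy the console generates for the AWS Directory Service role type (only the `ds.amazonaws.com` service principal may assume the role) and attaches the AllowAssumeRole policy created earlier. The account id, the policy ARN built from it and the script name are assumptions; the CLI must already be configured with IAM permissions.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Assumes the AWS CLI is
# configured with IAM permissions and that the AllowAssumeRole customer
# managed policy already exists in the account passed as ACCOUNT_ID.
set -eu

# Trust policy the console generates for the "AWS Directory Service" role
# type: only the Directory Service principal may assume the role.
trust_policy() {
    cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ds.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# ARN of the AllowAssumeRole policy created earlier (account id is a placeholder).
policy_arn() {
    printf 'arn:aws:iam::%s:policy/AllowAssumeRole' "$1"
}

# Create one Directory Service role and attach AllowAssumeRole to it.
create_ds_role() {
    role="$1"; account="$2"
    aws iam create-role --role-name "$role" \
        --assume-role-policy-document "$(trust_policy)" >/dev/null
    aws iam attach-role-policy --role-name "$role" \
        --policy-arn "$(policy_arn "$account")"
}

# Audit check: which service principal a role trusts (should be ds.amazonaws.com).
trusted_service() {
    aws iam get-role --role-name "$1" --output text \
        --query 'Role.AssumeRolePolicyDocument.Statement[0].Principal.Service'
}

# Run as: ./create_roles.sh apply 123456789012   (placeholder account id)
if [ "${1:-}" = "apply" ]; then
    for r in CanAssumePowerUser CanAssumeReadOnly; do
        create_ds_role "$r" "$2"
        echo "$r trusts: $(trusted_service "$r")"
    done
fi
```

Without the `apply` argument the script only defines the functions, so it can be sourced to reuse `trusted_service` as a periodic check that the trust relationship has not been widened.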