Note that this is the second in a multipart series. Go back and read [the first post](ruby-queue-part-2-1).

In our second installment of re-implementing a parallel process queue to index thousands of VCF files contained in S3. Here we will take a look at two issues. The first is the creation of an IAM Instance Profile that will allow an EC2 instance to access the SQS queues and the S3 bucket (e.g. s3://myvcffiles) without unecessarily exposing out AWS access keys beyond our local development machine. Here we are assuming that the local IAM user credentials allow the launch an EC2 instance with an assigned IAM role.

We begin by looking up the exact permissions . Here we assume that we are going to access the two SQS queues we created in the first post (vfcindex and vcfindex-error)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::myvcffiles"
      "Principal": {"AWS": "AWS-account-ID"}
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::myvcffiles/*"
    }, 
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::myvcffiles"
    }
  ]
}