Now we're going to create two roles, one for each of the groups we defined in Active Directory (listed as AD group: role):
- AWSPowerUser: CanAssumePowerUser
- AWSReadOnly: CanAssumeReadOnly

- Start by creating the CanAssumePowerUser role:
- We want this role to be an AWS Directory Service role, so be sure to select it before proceeding:
- Attach the AllowAssumeRole policy we have already created to this role:
- Click Create Role to confirm: ...
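
An added example, not part of the original tutorial: a Python check that a role's trust policy is what selecting the AWS Directory Service role type should produce, meaning only the `ds.amazonaws.com` service principal may call `sts:AssumeRole`. The function names and sample policy documents are constructed for illustration; for a real role the document would come from `aws iam get-role`.

```python
import json

DS_PRINCIPAL = "ds.amazonaws.com"  # service principal of a Directory Service role

def _as_list(value):
    # IAM accepts either a single string or a list in these fields.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json):
    """Return findings for a role trust policy; an empty list means it is as expected."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for stmt in allows:
        principal = stmt.get("Principal")
        if principal == "*":
            findings.append("wildcard principal")
        elif not isinstance(principal, dict):
            findings.append("missing or malformed Principal")
        else:
            for kind, values in principal.items():
                for value in _as_list(values):
                    if (kind, value) != ("Service", DS_PRINCIPAL):
                        findings.append(f"unexpected principal {kind}={value}")
        if _as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append("unexpected Action")
    return findings

def _policy(principal):
    # Constructed sample documents, not taken from a real account.
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]})

GOOD = _policy({"Service": "ds.amazonaws.com"})
BAD = _policy({"Service": ["ds.amazonaws.com", "ec2.amazonaws.com"],
               "AWS": "arn:aws:iam::111122223333:root"})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc) or "ok")
```

Running the same check against CanAssumeReadOnly once it exists confirms both roles can be assumed only through the directory.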