NOTE 1: If running `aws sts get-caller-identity` in the Cloud9 terminal window returns an identity such as `arn:aws:iam::123456789012:root`, you are already running Cloud9 from your root account, so you can skip the instructions below. You can also read on about using IAM for least-privileged access (see NOTE 2 below).
NOTE 2: Granting admin permissions is strongly discouraged in any enterprise or other environment. For the sake of simplicity, this workshop step instructs you to grant admin permissions to Cloud9. If you would rather follow the least-privilege path, create an IAM user with the following permissions:
- Manage CloudFormation (CF) stacks
- Manage WAF Regional resources
- Manage API Gateways
- Manage Lambda functions (CloudWatch Logs and S3 bucket)
- Create bucket and manage data in S3
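
A starting point for such a policy, as an added example that is not part of the workshop's own material. Each statement maps one bullet above to a service-wide action wildcard (an assumption, since the workshop does not list individual actions), and `Resource` is left as `*` because the workshop's resource ARNs are not given here.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageCloudFormationStacks",
      "Effect": "Allow",
      "Action": "cloudformation:*",
      "Resource": "*"
    },
    {
      "Sid": "ManageWafRegionalResources",
      "Effect": "Allow",
      "Action": "waf-regional:*",
      "Resource": "*"
    },
    {
      "Sid": "ManageApiGateways",
      "Effect": "Allow",
      "Action": "apigateway:*",
      "Resource": "*"
    },
    {
      "Sid": "ManageLambdaFunctionsAndLogs",
      "Effect": "Allow",
      "Action": ["lambda:*", "logs:*"],
      "Resource": "*"
    },
    {
      "Sid": "CreateBucketsAndManageS3Data",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}
```

Narrow each `Resource` to the specific stacks, APIs, functions and buckets once their ARNs are known. If the workshop's templates create IAM roles (for example a Lambda execution role), the caller also needs IAM permissions that the list above does not include.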
Go to Create New Environment within the AWS Console and create a new environment.
Go to the IAM Console and create a new EC2 role.
Select 'EC2' for the service and attach the 'Administrator access' policy.
Use 'Cloud9Admin' as the role name.
Go to the EC2 Console, right-click the Cloud9 instance, select Instance Settings -> Attach / Replace IAM Role, then select Cloud9Admin as the role name.