---
title: "Create an AWS IAM role | Grafana Labs"
description: "Learn how to create the required AWS IAM role and policies to allow Grafana Cloud to access your AWS metrics."
---

> For a curated documentation index, see [llms.txt](/llms.txt). For the complete documentation index, see [llms-full.txt](/llms-full.txt).

# Create an AWS IAM role

In this milestone, you’ll create an AWS IAM role that grants Grafana Cloud the necessary permissions to collect metrics from your AWS account. This role uses the principle of least privilege, providing only the read-only access required for monitoring.

The IAM role establishes a secure trust relationship between your AWS account and Grafana Cloud, allowing metric collection without sharing long-term credentials or compromising security.

To create an AWS IAM role for Grafana Cloud, complete the following steps:

1. From the **Configuration** tab, click the **AWS accounts** tile.
2. At the AWS Accounts page, click **Add new account** to open the **Create new account** page.
3. For **Create a new AWS role**, leave the **Automatically** and **Use CloudFormation** tiles selected.
4. Click **Launch stack**, opening a CloudFormation template in your AWS account in a new tab.
   
   The AWS account that you are logged into at the time of clicking the button is the account that opens. To use a different account, log out of the current account and into the account you want to use.
5. Select the **I acknowlege that AWS CloudFormation might create IAM resources with custom names** checkbox.
6. Click **Create stack**.
7. Copy the `RoleARN` in the **Outputs** tab of the stack to use in a later step.
8. Return to the **Create new account** page in Grafana Cloud when you have finished in AWS.

In your next milestone, you’ll use this IAM role to connect your AWS account to Grafana Cloud.