As an IAM User I have run into a problem connecting to an EC2 instance on AWS. On the AWS console under EC2 > Network & Security > Key Pairs: I select Create Key Pair, provide a key pair name, select ‘RSA’, select ‘.pem’ file format, click the Create button. I get: You are not authorized to perform this operation.
Your steps look correct, so let’s try giving your IAM User specific permission to do EC2 “everything”. You may be able to do this while logged in on your IAM account, but certainly you can do it from the admin account if necessary. (An ‘admin’ is what you set up the first time you log in as root. The idea is that admin has authority to do this sort of thing but without being root.)
In the AWS Console go to IAM > Users and click on your User name, which opens a dedicated page with multiple tabs. The left-most tab is Permissions.
Click on Add Permissions and notice three boxes at the top. Click Attach Existing Policies Directly. Search for AmazonEC2FullAccess. Tick the little box and then click Next: Review > Click Add Permissions. This should give you the necessary permission to create and use key pairs.
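An added example, not part of the original answer: AmazonEC2FullAccess allows every EC2 action, so if the user only needs to create and manage key pairs, a customer-managed policy limited to the key-pair actions can be attached instead. The `Sid` values are placeholder labels, and the wildcard region and account in the ARN are assumptions to narrow as needed.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListKeyPairs",
      "Effect": "Allow",
      "Action": "ec2:DescribeKeyPairs",
      "Resource": "*"
    },
    {
      "Sid": "ManageKeyPairs",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateKeyPair",
        "ec2:ImportKeyPair",
        "ec2:DeleteKeyPair"
      ],
      "Resource": "arn:aws:ec2:*:*:key-pair/*"
    }
  ]
}
```

Create it under IAM > Policies with the JSON editor, then attach it to the user from the same Permissions tab described above.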