qkqhxla1

Reputation: 137

aws ec2 describe-instances IAM role does not work

My EC2 instance has the IAM role below.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "~~~~",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/myrole": "true"
                }
            }
        }
    ]
}

But when I run the "aws ec2 describe-instances --instance-id i-00169bf14adaf25e4" command,

I got the error "An error occurred (UnauthorizedOperation) when calling the DescribeInstances operation: You are not authorized to perform this operation."

I tested an IAM role with full EC2 authority, and it works.

I also read this https://forums.aws.amazon.com/thread.jspa?messageID=512129, but it was about "Resource".

The official documentation does not talk about IAM roles. (https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-instances.html)

I think I missed some "Action" part but couldn't find it.

Can somebody tell me which IAM role is suitable for me, or how I can find it?

Thanks for reading this.

Upvotes: 9

Views: 17846

Answers (1)

ben5556

Reputation: 3018

Use this policy and attach it to your IAM role (the one currently attached to your EC2 instance). This will return all instances in that account. Use the --filters flag with the tag:key option to only return instances with the desired tag key/value pair.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "ec2:DescribeInstances",
            "Resource": "*"
        }
    ]
}


Upvotes: 11
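Why the asker's policy is denied while the answer's policy works: ec2:DescribeInstances supports neither resource-level permissions nor the ec2:ResourceTag/&lt;key&gt; condition key, so that key is never present in the request context for this call, a StringEquals condition on an absent key evaluates to false, the statement never matches, and IAM falls through to an implicit deny. The same condition does work on actions that carry a resource tag in the context, such as ec2:StartInstances. The following is an added example, not code from either post: a small model of that evaluation logic (a StringEquals-only evaluator, with action matching but no resource matching, since both policies use "Resource": "*"), plus the --filters argument the answer recommends. The request contexts and the list of tag-aware actions are constructed for the example. Note the security consequence for a practitioner: because Describe* cannot be scoped by tag, the --filters option is a client-side convenience, not an authorization boundary; a role that can describe tagged instances can describe every instance in the account.

```python
"""Model of IAM StringEquals evaluation for the two policies in this thread.

Added example, not from the original posts. ec2:DescribeInstances has no
resource types and no ec2:ResourceTag condition key in the Service
Authorization Reference, so a tag condition on it never matches.
"""
import fnmatch

# Actions (among those used here) that put ec2:ResourceTag/<key> into the
# request context. Constructed for the example; DescribeInstances is a list
# call with no resource ARN, so it is deliberately absent.
TAG_AWARE_ACTIONS = {"ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances"}


def build_context(action, resource_tags=None):
    """Hypothetical helper: the request-context keys IAM would see for a call."""
    ctx = {}
    if action in TAG_AWARE_ACTIONS and resource_tags:
        for key, value in resource_tags.items():
            ctx[f"ec2:ResourceTag/{key}"] = value
    return ctx


def condition_matches(condition, ctx):
    """StringEquals semantics: every listed key must be present and equal."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled here")
        for key, expected in pairs.items():
            # An absent key makes the condition false; only the ...IfExists
            # and Null operators treat a missing key differently.
            if ctx.get(key) != expected:
                return False
    return True


def evaluate(policy, action, ctx):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one identity policy."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if not any(fnmatch.fnmatchcase(action, pattern) for pattern in actions):
            continue
        if not condition_matches(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny always wins
        decision = "Allow"
    return decision


def tag_scoped_policy(action, tag_key, tag_value):
    """The asker's policy shape, generalised over the action it grants."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "TagScoped",
            "Effect": "Allow",
            "Action": [action],
            "Resource": "*",
            "Condition": {"StringEquals": {f"ec2:ResourceTag/{tag_key}": tag_value}},
        }],
    }


# The answer's policy: no condition, so it matches every DescribeInstances call.
UNCONDITIONED_DESCRIBE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": "ec2:DescribeInstances",
        "Resource": "*",
    }],
}


def describe_filter_argv(tag_key, tag_value):
    """Client-side narrowing the answer suggests, as an AWS CLI argv."""
    return ["aws", "ec2", "describe-instances",
            "--filters", f"Name=tag:{tag_key},Values={tag_value}"]


if __name__ == "__main__":
    asker = tag_scoped_policy("ec2:DescribeInstances", "myrole", "true")
    ctx = build_context("ec2:DescribeInstances", {"myrole": "true"})
    print("asker's policy on DescribeInstances:", evaluate(asker, "ec2:DescribeInstances", ctx))
    print("answer's policy on DescribeInstances:", evaluate(UNCONDITIONED_DESCRIBE, "ec2:DescribeInstances", ctx))
    start = tag_scoped_policy("ec2:StartInstances", "myrole", "true")
    print("same condition on StartInstances, tagged instance:",
          evaluate(start, "ec2:StartInstances", build_context("ec2:StartInstances", {"myrole": "true"})))
    print(" ".join(describe_filter_argv("myrole", "true")))
```

Running it shows ImplicitDeny for the asker's policy even though the instance carries myrole=true, Allow for the answer's policy, and Allow for the identical condition placed on ec2:StartInstances, which is the action type tag conditions are meant for.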
