Reputation: 1232
IAM Role does not show in role list of EC2, even though I have the trust relationship set up correctly
I have the following demo role created for AWS:
with the following trust relationship:
Now, I am trying to modify the role of an EC2 instance to be DemoRoleForEC2, but the role is not appearing in the dropdown list:
According to this answer here: IAM Role not showing in aws console in Modify IAM role page , it should be working fine as the Trust Relationships are ok, but it is not.
Other things I tried was stopping and restarting the EC2 Instance, and trying to create the role from the "Modify Role for IAM" page, but none worked. Any idea what the issue might be?
Upvotes: 7
Views: 10843
Answers (3)
Reputation: 1232
A Role can be used by an EC2 instance only if it has an associated Instance Profile, as explained in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
When creating a role using the web console, you need to specify at the start that it will be used for an EC2 instance. In this case the Instance Profile is created automatically, with the same name as a role.
If the Role cannot be assigned to an EC2 instance, you can create an Instance Profile manually, for example:
aws iam create-instance-profile --instance-profile-name MyRoleInstanceProfile
aws iam add-role-to-instance-profile --role-name MyRole --instance-profile-name MyRoleInstanceProfile
And then the role will appear in the list in the "Modify Role for IAM" page.
Another option is to simply recreate the Role the proper way and specify in the wizard that it's for an EC2 instance.
Upvotes: 16
Reputation: 41
In my case I was creating an instance profile and adding a role with the CLI. Then, the instance profile was not showing up on EMR but it was appearing on EC2. After several attempts I tried naming the instance profile and the role with the same name (and no special characters), and then it worked.
Upvotes: 0
Reputation: 1115
One thing to check is the browser you are using to do this task and any browser extensions you may have installed.
I hit this issue where I was creating an EC2 role via the AWS console but it was not creating the instance profile.
I found the issue to be because I was using chrome and with the ClearURLs extension. I disabled this extension and when I then tried to create the role via the console, then the instance profile was also being created.
Upvotes: 1
Related Questions
- AWS IAM role does not exist or is not attachable
- aws iam role succesfully created but unvailable
- AWS - IAM User Role Permissions are not Propagating to User
- AWS IAM Role permission issue
- Newly created AWS member account is missing IAM role
- IAM role fails to give permission to an EC2 instance
- Where are my EC2 Profile Roles (In IAM Console)?
- aws ec2 describe-instances IAM role does not work
- How to apply IAM Role to EC2 instance?
- AWS Assume role with EC2 instance IAM role not working