
IAM Role does not show in role list of EC2, even though I have the trust relationship set up correctly


I have the following demo role created for AWS:

Demo Role Summary

with the following trust relationship:

Demo Role Trust Relationships

Now, I am trying to modify the role of an EC2 instance to be DemoRoleForEC2, but the role is not appearing in the dropdown list:

Modify IAM Role Page

According to this answer here: IAM Role not showing in aws console in Modify IAM role page, it should be working fine as the Trust Relationships are ok, but it is not.

Other things I tried were stopping and restarting the EC2 instance, and trying to create the role from the "Modify Role for IAM" page, but none worked. Any idea what the issue might be?


Solution

  • A Role can be used by an EC2 instance only if it has an associated Instance Profile, as explained in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html

    When creating a role using the web console, you need to specify at the start that it will be used for an EC2 instance. In this case the Instance Profile is created automatically, with the same name as the role.

    If the Role cannot be assigned to an EC2 instance, you can create an Instance Profile manually, for example:

    aws iam create-instance-profile --instance-profile-name MyRoleInstanceProfile
    aws iam add-role-to-instance-profile --role-name MyRole --instance-profile-name MyRoleInstanceProfile
    

    And then the role will appear in the list in the "Modify Role for IAM" page.

    Another option is to simply recreate the Role the proper way and specify in the wizard that it's for an EC2 instance.
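
An offline check for the two conditions discussed on this page (the trust policy allows EC2, and an instance profile contains the role), as an added example that is not part of the original answer. The JSON is constructed sample data shaped like the output of `aws iam get-role` and `aws iam list-instance-profiles-for-role`; the function names are hypothetical, and policy conditions are not evaluated.

```python
import json

# Constructed sample shaped like `aws iam get-role --role-name DemoRoleForEC2`.
GET_ROLE = json.loads("""
{"Role": {"RoleName": "DemoRoleForEC2",
  "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}}}
""")

# Constructed samples shaped like `aws iam list-instance-profiles-for-role`.
NO_PROFILES = {"InstanceProfiles": []}
WITH_PROFILE = {"InstanceProfiles": [
    {"InstanceProfileName": "DemoRoleForEC2", "Roles": [{"RoleName": "DemoRoleForEC2"}]}]}


def _as_list(value):
    """IAM policy fields may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def ec2_can_assume(get_role_output):
    """True if an Allow statement lets ec2.amazonaws.com call sts:AssumeRole."""
    doc = get_role_output["Role"]["AssumeRolePolicyDocument"]
    for stmt in _as_list(doc.get("Statement")):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if (stmt.get("Effect") == "Allow" and "ec2.amazonaws.com" in services
                and any(a in ("sts:assumerole", "sts:*", "*") for a in actions)):
            return True
    return False


def diagnose(get_role_output, list_profiles_output):
    """Return the reasons the role cannot be attached to an EC2 instance."""
    role = get_role_output["Role"]["RoleName"]
    problems = []
    if not ec2_can_assume(get_role_output):
        problems.append("trust policy does not allow ec2.amazonaws.com")
    profiles = [p["InstanceProfileName"] for p in list_profiles_output["InstanceProfiles"]
                if any(r["RoleName"] == role for r in p.get("Roles", []))]
    if not profiles:
        problems.append("no instance profile contains the role")
    return problems
```

For the situation in the question (trust policy correct, role created without the EC2 use case), `diagnose(GET_ROLE, NO_PROFILES)` reports only the missing instance profile.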