I have the following demo role created for AWS:
with the following trust relationship:
Now, I am trying to modify the role of an EC2 instance to be DemoRoleForEC2, but the role is not appearing in the dropdown list:
According to this answer here: "IAM Role not showing in aws console in Modify IAM role page", it should be working fine as the Trust Relationships are ok, but it is not.
Other things I tried were stopping and restarting the EC2 instance, and trying to create the role from the "Modify Role for IAM" page, but none worked. Any idea what the issue might be?
A Role can be used by an EC2 instance only if it has an associated Instance Profile, as explained in https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
When creating a role using the web console, you need to specify at the start that it will be used for an EC2 instance. In this case the Instance Profile is created automatically, with the same name as the role.
If the Role cannot be assigned to an EC2 instance, you can create an Instance Profile manually, for example:
aws iam create-instance-profile --instance-profile-name MyRoleInstanceProfile
aws iam add-role-to-instance-profile --role-name MyRole --instance-profile-name MyRoleInstanceProfile
And then the role will appear in the list in the "Modify Role for IAM" page.
Another option is to simply recreate the Role the proper way and specify in the wizard that it's for an EC2 instance.
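The two conditions discussed in this thread (the role trusts EC2, and an instance profile contains the role) can be checked and repaired in one idempotent step. This is an added example, not part of the original question or answer; the function names are hypothetical, and it assumes an AWS CLI configured with IAM read/write permissions.

```shell
#!/bin/sh
# Added example: check why a role is missing from the EC2 role dropdown and fix it.
# Function names are hypothetical; requires an AWS CLI with IAM permissions.

# Succeed only if the role's trust policy lists ec2.amazonaws.com as a service principal.
role_trusts_ec2() {
    aws iam get-role --role-name "$1" \
        --query 'Role.AssumeRolePolicyDocument.Statement[].Principal.Service' \
        --output text | tr '\t' '\n' | grep -qx 'ec2.amazonaws.com'
}

# Print the instance profiles that already contain the role, one per line.
profiles_for_role() {
    aws iam list-instance-profiles-for-role --role-name "$1" \
        --query 'InstanceProfiles[].InstanceProfileName' --output text | tr '\t' '\n'
}

# ensure_instance_profile ROLE [PROFILE]
# Prints the profile name that makes ROLE selectable for EC2.
# Returns 2 if the trust policy is the problem, 1 if an AWS call fails.
ensure_instance_profile() {
    role=$1
    profile=${2:-$role}   # the console wizard also reuses the role name

    if ! role_trusts_ec2 "$role"; then
        echo "role $role does not trust ec2.amazonaws.com" >&2
        return 2
    fi

    existing=$(profiles_for_role "$role" | head -n 1)
    if [ -n "$existing" ] && [ "$existing" != "None" ]; then
        echo "$existing"  # already usable; nothing to create
        return 0
    fi

    # Reuse a profile with that name if one exists, otherwise create it.
    aws iam get-instance-profile --instance-profile-name "$profile" >/dev/null 2>&1 ||
        aws iam create-instance-profile --instance-profile-name "$profile" >/dev/null ||
        return 1
    aws iam add-role-to-instance-profile --role-name "$role" \
        --instance-profile-name "$profile" >/dev/null || return 1
    echo "$profile"
}

# Usage: ensure_instance_profile DemoRoleForEC2
```

A return code of 2 means the trust relationship needs fixing first; creating an instance profile would not make the role assumable by EC2 in that case.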