I created an IAM role, but the role doesn't appear in the dropdown list when I launch an instance. What do I do?


I created a new AWS Identity and Access Management (IAM) role, but I can't find the role in the dropdown list when launching an instance.

Resolution

The dropdown list includes instance profiles and not IAM roles, but you can add an IAM role to an instance profile. You must choose the instance profile that has the required IAM role added to it.

Create a new IAM role linked to an instance profile using either the IAM console or the AWS Command Line Interface (AWS CLI). Then, choose the instance profile from the dropdown list when you launch your instance.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.

Using the IAM console

This example uses Amazon Elastic Compute Cloud (Amazon EC2) to show that selecting EC2 as your use case creates a trust relationship for Amazon EC2. Selecting the EC2 use case also:

  • Creates an instance profile.
  • Gives the instance profile the same name as the IAM role.
  • Adds the IAM role to the same instance profile.

Note: If EC2 isn't selected when the IAM role is created, the instance profile and trust relationships aren't created for Amazon EC2.

1.    Open the IAM console.

2.    In the navigation pane, choose Roles, and then choose Create role.

3.    Choose EC2 as the AWS service, select EC2 as your use case, and then choose Next: Permissions.

4.    Choose the Policy name for your use case, choose Next: Tags, and then choose Next: Review.

5.    Enter a Role name, and then choose Create role.

Using the AWS CLI

1.    Create a file named Test-Role-Trust-Policy.json and paste the following policy in the file:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

2.    Create an IAM role by running the following command:

$ aws iam create-role --role-name Test-Role --assume-role-policy-document file://Test-Role-Trust-Policy.json

3.    Create an instance profile by running the following command:

$ aws iam create-instance-profile --instance-profile-name Webserver

4.    Add an IAM role to the instance profile by running the following command:

$ aws iam add-role-to-instance-profile --role-name Test-Role --instance-profile-name Webserver

For an existing IAM role for EC2, you must add the EC2 service principal to its existing trust policy. For more information, see Specifying a principal.

Note: If the IAM roles and instance profiles have different names, then make sure that you select the correct instance profile when launching an EC2 instance. The correct instance profile is the one that has the required IAM role added to it. The IAM role itself won't be listed in the dropdown list.
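To check why a given role is missing from the dropdown, the following added example (not part of the original article) inspects the JSON printed by `aws iam get-role` and `aws iam list-instance-profiles`. The function names and the sample data are assumptions constructed for illustration, reusing the Test-Role and Webserver names from the steps above.

```python
def as_list(value):
    """IAM policy fields may hold a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusts_ec2(trust_policy):
    """True if an Allow statement lets ec2.amazonaws.com call sts:AssumeRole."""
    # Exact string match only; wildcard actions such as "sts:*" are not expanded.
    for stmt in as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "ec2.amazonaws.com" in services
                and "sts:AssumeRole" in as_list(stmt.get("Action"))):
            return True
    return False

def profiles_for_role(role_name, list_profiles_output):
    """Names of the instance profiles that have role_name added to them."""
    return [p["InstanceProfileName"]
            for p in list_profiles_output.get("InstanceProfiles", [])
            if any(r["RoleName"] == role_name for r in p.get("Roles", []))]

def diagnose(get_role_output, list_profiles_output):
    """Summarize the two conditions the article describes for one role."""
    role = get_role_output["Role"]
    return {
        "role": role["RoleName"],
        "trusts_ec2": trusts_ec2(role["AssumeRolePolicyDocument"]),
        # An empty list means the role is not in any instance profile.
        "select_in_dropdown": profiles_for_role(role["RoleName"], list_profiles_output),
    }

# Constructed sample data shaped like the AWS CLI JSON output.
TRUST = {"Version": "2012-10-17", "Statement": [{"Sid": "", "Effect": "Allow",
         "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
GET_ROLE = {"Role": {"RoleName": "Test-Role", "AssumeRolePolicyDocument": TRUST}}
LIST_PROFILES = {"InstanceProfiles": [
    {"InstanceProfileName": "Webserver", "Roles": [{"RoleName": "Test-Role"}]},
    {"InstanceProfileName": "Empty-Profile", "Roles": []},
]}

if __name__ == "__main__":
    print(diagnose(GET_ROLE, LIST_PROFILES))
```

An empty `select_in_dropdown` list means the role still has to be added to an instance profile, and `trusts_ec2` being false means the trust policy lacks the EC2 service principal.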


Related information

Modifying a role

Editing the trust relationship for an existing role

IAM roles for Amazon EC2