2개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
For service role you need this as trusted entity (can be without conditions):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "elasticbeanstalk.amazonaws.com"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "elasticbeanstalk"
}
}
}
]
}
And add this managed policy as a policy: AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
For EC2 instance role you need this as trusted entity, also add needed permissions.
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
0
okay... I finally figure it out. I didn't select an EC2 instance profile. After I added that, there is no error.
답변함 일 년 전