- Mais recentes
- Mais votos
- Mais comentários
I have had the same issue as yours and I was able to fix when I chose to create new role as defined by Elastic Beanstalk. My first attempt was to add the "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy" policy in the role for my website but it didn't fix the issue though I restart the environment. After many troubleshooting workarounds done to no avail, I resorted to create a new environment and I chose "Create and use new service role" in the Service Role. I just let "aws-elasticbeanstalk-service-role" to autofill "Existing service roles" and just follow the prompts thereafter.
Hi,
From the case notes I understand that you are getting the error Unable to assume role "arn:aws:iam::xxxxxx:role/aws-elasticbeanstalk-service-role", in your elastic beanstalk environment.
Per the Elastic Beanstalk documentation the trust policy that you have for your service role is correct. I am attaching the following documentation for that here (1). After testing I was not able to replicate this issue in my account as Elastic Beanstalk was successfully able to assume the service role with this trust policy. Based off of this I would recommend opening a case with AWS support in order to allow a support engineer to better troubleshoot the issue.
I hope you have a great rest of your day!
References
(1) https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-servicerole.html#iam-servicerole-console
Same problem with my Elastic Beanstalk
I had this same problem, to fix it I just created a new role, instead of using the default role option.
template.yml:
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template to create a service-linked role for Elastic Beanstalk
Resources:
ElasticBeanstalkServiceRole:
Type: 'AWS::IAM::Role'
Properties:
RoleName: 'cicd-role'
AssumeRolePolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: 'Allow'
Action: 'sts:AssumeRole'
Principal:
Service: 'elasticbeanstalk.amazonaws.com'
Description: 'Allows Elastic Beanstalk to create and manage AWS resources on your behalf.'
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk
- arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth
- arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService
Outputs:
RoleArn:
Description: 'ARN of the Elastic Beanstalk service role'
Value: !GetAtt [ElasticBeanstalkServiceRole, Arn]
Or in the aws Management Console:
- Roles > Create
- Trusted entity type > AWS service
- Use case > Elastic Beanstalk
- (Everything else as default)
- Create
Conteúdo relevante
- AWS OFICIALAtualizada há 6 meses
- AWS OFICIALAtualizada há 3 meses
- AWS OFICIALAtualizada há 4 anos
- AWS OFICIALAtualizada há um ano
Really appreciate for your genius solution. I tried several times to conque this issue. I trust this is AWS issue.... but not able to reported a case with technical issue.