Hi,
It is not possible to be 100% certain of your problem, but based upon the information supplied there are two top options I can think of:
- Are you certain you have an IAM Profile linked to the Role? This field requires the name of a Profile and depending on how you created the Role it may not have a profile. You can check if a Profile exists by viewing the role in the IAM console and looking on the far right. It will show the ARN of the IAM profile if one exists.
- Are you certain you have the name of the Profile? Depending on how you created the Role/Profile it is possible for the name of the Profile to be slightly different from the name of the Role. Use the IAM console to view the role and therefore the ARN of the Profile to check the name you are using.
Hopefully one of these resolves your problem.
Are you specifying the last part of the ARN of an IAM role? If so, have you ensured that this IAM role also has an InstanceProfile? They could be 2 different things.
Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the IAM console, the console creates an instance profile automatically and gives it the same name as the role to which it corresponds. If you use the Amazon EC2 console to launch an instance with an IAM role or to attach an IAM role to an instance, you choose the role based on a list of instance profile names.
If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, with potentially different names. If you then use the AWS CLI, API, or an AWS SDK to launch an instance with an IAM role or to attach an IAM role to an instance, specify the instance profile nam
See
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html and
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
You can see your instance profiles by opening a CloudShell session and entering
aws iam list-instance-profiles
I don't see anything wrong with your CloudFormation template. It is working fine from my end. You can check if your template is valid using the CloudFormation designer. Also, ensure you are using a correct IAM Role in the IamInstanceProfile property. The role must be an instance profile and have EC2 in its trusted entities.
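The checks suggested in the answers above, collected into one added example (not code from any of the answers or from AWS): it reads the JSON printed by `aws iam list-instance-profiles` and reports whether a value intended for `IamInstanceProfile` is really an instance profile name, a bare role name, or a profile whose role does not trust EC2. The sample listing, its names, and the helper names `trusts_ec2` and `check` are constructed for illustration, and the trust policy is assumed to arrive as decoded JSON.

```python
import json

# Constructed sample shaped like `aws iam list-instance-profiles` output
# (names are made up; real output carries more fields per entry).
SAMPLE = json.loads("""
{"InstanceProfiles": [
  {"InstanceProfileName": "web-profile",
   "Roles": [{"RoleName": "web-role", "AssumeRolePolicyDocument": {"Statement": [
     {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
      "Action": "sts:AssumeRole"}]}}]},
  {"InstanceProfileName": "batch-role",
   "Roles": [{"RoleName": "batch-role", "AssumeRolePolicyDocument": {"Statement": [
     {"Effect": "Allow", "Principal": {"Service": ["lambda.amazonaws.com"]},
      "Action": "sts:AssumeRole"}]}}]}
]}
""")

def _as_list(value):
    # IAM policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def trusts_ec2(role):
    """True if the role's trust policy lets ec2.amazonaws.com assume it."""
    doc = role.get("AssumeRolePolicyDocument") or {}
    for st in _as_list(doc.get("Statement", [])):
        principal = st.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (st.get("Effect") == "Allow" and "ec2.amazonaws.com" in services
                and "sts:AssumeRole" in _as_list(st.get("Action", []))):
            return True
    return False

def check(listing, value):
    """Diagnose a value intended for the IamInstanceProfile property."""
    value = value.rsplit("/", 1)[-1]  # accept a name or the last part of an ARN
    profiles = listing["InstanceProfiles"]
    match = next((p for p in profiles if p["InstanceProfileName"] == value), None)
    if match is None:
        # Not a profile name: is it a role that some profile contains?
        wrapping = [p["InstanceProfileName"] for p in profiles
                    if any(r["RoleName"] == value for r in p["Roles"])]
        if wrapping:
            return "role name given; use instance profile: " + ", ".join(wrapping)
        return "no instance profile with this name or wrapping a role of this name"
    if not match["Roles"]:
        return "instance profile has no role attached"
    if not trusts_ec2(match["Roles"][0]):
        return "role does not trust ec2.amazonaws.com"
    return "ok"
```

To run it against a real account, replace `SAMPLE` with the parsed output of the CLI command, for example `json.load(sys.stdin)` fed by a pipe.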