Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.
Role created to use as EC Instance Profile for Elastic Beanstalk not working
I'm trying to create my first Elastic Beanstalk environment in a fresh AWS account (not my first EB, I've spun up like a 100 of these things).
In the old days, the Elastic Beanstalk wizard used to create the role (wrapped in an EC Instance Profile) for you to be selected as the 'EC2 Instance Profile'. In the past few months, I've found that that has changed and now you have to create that role manually through the IAM console. The instructions to do this are very clear and found at https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html. I've followed those instructions successfully in the past.
However, today when I'm trying the same thing, the role that I create does not seem to actually get wrapped as an EC2 Instance Profile. I can create the role and all the permissions and the JSON policy for the 'Trusted entities' looks exactly the same as all my other AWS accounts, however the role does not appear in the EB wizard as an option. Notably, the 'Summary' section or the created role is missing the 'Instance profile ARN'.
Here's a screengrab of the created role, showing the 'Trusted entities' tab:
- Newest
- Most votes
- Most comments
Go through once by following steps:
=> Create IAM Role Go to the IAM console. Create a new role for EC2. Attach the necessary policies (e.g., AWSElasticBeanstalkWebTier, AWSElasticBeanstalkWorkerTier).
Set the trust relationship:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
=> Create Instance Profile Go to IAM console. Select "Roles" -> your created role. Go to the "Instance profile" tab. Click "Create instance profile". Name it (same as role name).
=> Associate Role with Instance Profile In the IAM console, select "Instance profiles". Ensure the new profile includes the role.
=> Verify and Use in Elastic Beanstalk Go to Elastic Beanstalk environment creation wizard. Select the newly created instance profile.
Hello.
Try creating an instance profile using the AWS CLI command below.
In my AWS account, I created an instance profile with the following command and was able to select it when configuring ElasticBeanstalk.
AWS CLI can be executed from CloudShell.
https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html
aws iam create-instance-profile --instance-profile-name eb-instance-profile-test
aws iam add-role-to-instance-profile --instance-profile-name eb-instance-profile-test --role-name ec-beanstalk-instance-role
Thanks, that did solve my problem! I still think there's a problem in the console, but at least I can keep going now.
There is no "Instance profiles" menu option in the IAM console, it simply is not there. I got the same instructions from the AWS AI bot (I suspect you did too).