Story Time: "The instance profile aws-elasticbeanstalk-ec2-role associated with the environment does not exist"

0

So I just hopped back on AWS after a bit and tried creating a Beanstalk environment to host my .NET Core 7.0 based web app, and even though I am trying to use the available "aws-elasticbeanstalk-service-role" role, it keeps saying "The instance profile aws-elasticbeanstalk-ec2-role associated with the environment does not exist" while provisioning the environment. So I do a little digging to find out that you guys don't automatically create that role or something? Which is fine honestly, but when I am trying to specifically attach to a new or different role it still throws the same error, which logically shouldn't be the case, and so it just makes me wonder if this is a sort of bug from AWS's side or maybe just an oversight because it's not that big a deal?

Finally, it only ended up working when I made a role called "aws-elasticbeanstalk-ec2-role" manually and gave it all the necessary permissions, and my Elastic Beanstalk environment got provisioned successfully. Please do let me know if this is actually a bug or I'm just being an idiot by not being able to figure out how to attach it to a role with any name that I'd like as long as it has the necessary permissions. Thanks :)

1 Answer
1

Thank you for sharing your experience with creating an Elastic Beanstalk environment. You're correct in your observation that AWS no longer automatically creates the "aws-elasticbeanstalk-ec2-role" instance profile. This change was implemented due to recent AWS security guidelines that prevent AWS services from automatically creating roles with trust policies to other AWS services, such as EC2 in this case.

The error message you encountered is not a bug, but rather a result of these updated security practices. However, the confusion you experienced is understandable, especially if you've worked with Elastic Beanstalk before when this role was automatically created.

You're not being an idiot at all - the process has indeed changed, and it's not immediately obvious how to proceed. The correct approach, which you eventually figured out, is to manually create the instance profile and associated role with the necessary permissions.

While you managed to resolve the issue by creating a role named "aws-elasticbeanstalk-ec2-role", you should be able to use a role with any name, as long as it has the correct permissions and trust relationship. The key steps are:

  1. Create an IAM role for EC2.
  2. Attach the necessary policies (like AWSElasticBeanstalkWebTier, AWSElasticBeanstalkWorkerTier).
  3. Set up the correct trust relationship for EC2.
  4. Create an instance profile and associate it with the role.

If you're still having trouble using a custom-named role, you might want to double-check that you've completed all these steps, particularly creating the instance profile and associating it with your role.

For future reference, you can also use the AWS CLI to create the instance profile and add the role to it, which some users have found helpful when facing similar issues.

Thank you for bringing this to our attention. While it's not a bug, your feedback highlights that this change in process could be communicated more clearly to users. Your experience will help improve the guidance provided to other AWS customers in similar situations.
Sources
Role created to use as EC Instance Profile for Elastic Beanstalk not working | AWS re:Post
Your AWS Elastic Beanstalk environment security - AWS Elastic Beanstalk
Managing Elastic Beanstalk instance profiles - AWS Elastic Beanstalk

answered a month ago
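
The four steps from the answer above as AWS CLI calls, as an added example that is not part of the original answer. The names `my-eb-ec2-role` and `my-eb-ec2-profile` are hypothetical, and the script only prints the commands unless it is run with `--apply`.

```shell
#!/bin/sh
# Added example: IAM role + instance profile for Elastic Beanstalk EC2 instances.
# ROLE_NAME and PROFILE_NAME are hypothetical; any names work.
ROLE_NAME="${ROLE_NAME:-my-eb-ec2-role}"
PROFILE_NAME="${PROFILE_NAME:-my-eb-ec2-profile}"
# Dry run by default: print the aws commands. Pass --apply to execute them.
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; else DRY_RUN=1; fi

# Step 3: trust relationship that lets only the EC2 service assume the role.
trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",' \
    '"Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
  echo
}

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_eb_instance_profile() {
  # Steps 1 and 3: create the role together with its EC2 trust policy.
  run aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)" || return 1
  # Step 2: attach the managed policies named in the answer.
  for p in AWSElasticBeanstalkWebTier AWSElasticBeanstalkWorkerTier; do
    run aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn "arn:aws:iam::aws:policy/$p" || return 1
  done
  # Step 4: the instance profile is a separate IAM object; create it and
  # put the role inside it. A role without a profile cannot be selected.
  run aws iam create-instance-profile \
    --instance-profile-name "$PROFILE_NAME" || return 1
  run aws iam add-role-to-instance-profile \
    --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME" || return 1
}

# Check: name of the role inside the profile ("None" means step 4 is missing).
attached_role() {
  run aws iam get-instance-profile --instance-profile-name "$PROFILE_NAME" \
    --query 'InstanceProfile.Roles[0].RoleName' --output text
}

# The environment is then pointed at PROFILE_NAME (the profile, not the role)
# via option IamInstanceProfile in namespace aws:autoscaling:launchconfiguration.
create_eb_instance_profile && attached_role
```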
