Okay. I also faced the same issue, and the issue seems to be the following:
Previously, when I created an IAM role from the Console by selecting EC2 or ECS, IAM would create both the IAM role and an IAM instance profile. Now (after the new IAM Console, maybe from Jan 2022), when I create an IAM role from the Console, it only creates the IAM role and not the instance profile.
I did the below from the CLI to overcome this:
aws iam create-instance-profile --instance-profile-name ecsInstanceRole --profile <my_profile>
aws iam add-role-to-instance-profile --instance-profile-name ecsInstanceRole --role-name ecsInstanceRole --profile <my_profile>
Does your role have an EC2 service principal listed within the trust policy?
Hi, good question.
There are a few components that will need to be configured for an EC2 to use IAM.
The proper permissions via IAM Policies (like the 2 Managed Policies you have).
The proper trust relationship for what can use the IAM Role (see Role Trust Policy). This is not a Managed Policy. See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html. This will need to trust ec2.amazonaws.com.
Lastly, if you're using EC2, an IAM Instance Profile as well. See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html for how to manage Instance Profiles.
Some of these steps don't need to be via CLI - there are instructions for how to do the steps above via console as well.
WTF, the last hint by msutherland25 also helped in my case. The role did finally show up in the console after I chose a role name that ends with 'EC2'... Is this a feature or a bug??
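The two checks raised in the answers above (a trust policy that trusts ec2.amazonaws.com, and an instance profile that contains the role) can be run against saved CLI output. This is an added example, not part of the original thread; it assumes the JSON shapes returned by `aws iam get-role` and `aws iam list-instance-profiles-for-role`, and the sample documents are constructed.

```python
def _as_list(value):
    """IAM policy fields may be a single string/object or a list of them."""
    return value if isinstance(value, list) else [value]

def trusts_ec2(trust_policy):
    """True if an Allow statement lets ec2.amazonaws.com call sts:AssumeRole.
    Condition blocks are not evaluated here."""
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):      # e.g. "*", not a service principal
            continue
        services = _as_list(principal.get("Service", []))
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if "ec2.amazonaws.com" in services and \
           any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            return True
    return False

def diagnose(get_role_output, list_profiles_output):
    """Return the reasons a role cannot be attached to an EC2 instance."""
    role = get_role_output["Role"]
    findings = []
    if not trusts_ec2(role["AssumeRolePolicyDocument"]):
        findings.append("trust policy does not trust ec2.amazonaws.com")
    profiles = list_profiles_output.get("InstanceProfiles", [])
    if not any(r["RoleName"] == role["RoleName"]
               for p in profiles for r in p.get("Roles", [])):
        findings.append("no instance profile contains the role")
    return findings

# Constructed sample: role created without an instance profile, trusting only ECS.
BROKEN_ROLE = {"Role": {"RoleName": "ecsInstanceRole", "AssumeRolePolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"Service": "ecs.amazonaws.com"}}]}}}
NO_PROFILES = {"InstanceProfiles": []}

# Constructed sample: state after adding the EC2 principal and the instance profile.
FIXED_ROLE = {"Role": {"RoleName": "ecsInstanceRole", "AssumeRolePolicyDocument": {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": ["sts:AssumeRole"],
                  "Principal": {"Service": ["ecs.amazonaws.com", "ec2.amazonaws.com"]}}}}}
ONE_PROFILE = {"InstanceProfiles": [{"InstanceProfileName": "ecsInstanceRole",
                                     "Roles": [{"RoleName": "ecsInstanceRole"}]}]}

if __name__ == "__main__":
    print(diagnose(BROKEN_ROLE, NO_PROFILES))
    print(diagnose(FIXED_ROLE, ONE_PROFILE))
```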