
My IAM role is not listed when trying to create a new EC2 instance

0

Hi there, I have created an AWS Active Directory and am now trying to create an EC2 Windows Server 2012 to connect to the directory/domain. On the configure instance details, I can select the directory quite fine. I then created an IAM role which contained the two managed policies specified. However, no matter what I do, that IAM role will not appear on the list to select! Any ideas, please? Thank you kindly

4 Answers
2

Okay. I also faced the same issue, and the issue seems to be the following:

Previously, when I created an IAM role from the console by selecting EC2 or ECS, IAM would create both the IAM role and an IAM instance profile. Now (after the new IAM console, maybe from Jan 2022), when I create an IAM role from the console, it only creates the IAM role and not the instance profile.

I did the below from the CLI to overcome this:

aws iam create-instance-profile --instance-profile-name ecsInstanceRole --profile <my_profile>
aws iam add-role-to-instance-profile --instance-profile-name ecsInstanceRole --role-name ecsInstanceRole --profile <my_profile>
answered 3 years ago
0

Does your role have an EC2 service principal listed within the trust policy?

Refer to "I created an IAM role, but the role doesn't appear in the dropdown list when I launch an instance. What do I do?"

answered 3 years ago
  • Thanks, I already looked at this link which just gets even more complicated with command line stuff! Surely it is possible to assign the correct managed policies without resorting to command line? It says that you must assign two specific managed policies but gives no clue as to what other managed policies are needed? I am just trying to create a windows server EC2 that can be attached to the AWS Active Directory domain so that I can then manage groups and users. Must it be so complicated? Thanks

  • Look at the Trust Relationships tab on your role. Does it list ec2 as an identity provider?

  • I have followed this link: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html but it just doesn't work! It is my AWS account and I'm logged-in with full permissions. It only says to add these two managed policies?

  • Rob, under Trust Relationships it has Trusted entities The identity provider(s) ssm.amazonaws.com

  • After endlessly going round in circles, I followed this guide: https://aws-labs.net/winlab0-buildinfra/adminad.html It does not require any IAM instance profile and the trick seems to be the "name" of the role. Very silly, but using the name they use works! Thanks for your help, I just felt it could not be so complicated!

0

Hi, good question.

There are a few components that will need to be configured for an EC2 to use IAM.

Some of these steps don't need to be via CLI - there are instructions for how to do the steps above via console as well.

answered 3 years ago
  • Thanks, think I got the trust relationship correct by replacing ssm.amazonaws.com with ec2.amazonaws.com, but the steps relating to instance profile are just well beyond me! Surely it can be done by console? Since I haven't even created the EC2 instance yet (won't go past selection of IAM role), perhaps I can start again so that it creates an instance as well with the same name? Not sure why it didn't do this anyway?

  • After endlessly going round in circles, I followed this guide: https://aws-labs.net/winlab0-buildinfra/adminad.html It does not require any IAM instance profile and the trick seems to be the "name" of the role. Very silly, but using the name they use works! Thanks for your help, I just felt it could not be so complicated!

0

WTF, the last hint by msutherland25 also helped in my case. The role did finally show up in the console after I chose a role name that ends with 'EC2'... Is this a feature or a bug??

answered 2 years ago
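
An added example, not part of any answer above: a Python check for the two conditions raised in this thread, namely whether the role's trust policy names ec2.amazonaws.com as a service principal and whether any instance profile contains the role. It assumes its inputs are the parsed JSON output of `aws iam get-role` and `aws iam list-instance-profiles-for-role`; the role name `MyDirectoryRole` and the sample data are constructed for illustration.

```python
EC2_PRINCIPAL = "ec2.amazonaws.com"

def _as_list(value):
    """IAM policy fields may hold a single value or a list of values."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusted_services(trust_policy):
    """Service principals that an Allow statement lets call sts:AssumeRole."""
    services = set()
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action")):
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):  # Principal may also be the string "*"
            services.update(_as_list(principal.get("Service")))
    return services

def diagnose(role_name, get_role_output, list_profiles_output):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    policy = get_role_output["Role"]["AssumeRolePolicyDocument"]
    services = trusted_services(policy)
    if EC2_PRINCIPAL not in services:
        findings.append(f"trust policy does not allow {EC2_PRINCIPAL}; "
                        f"found {sorted(services)}")
    if not list_profiles_output.get("InstanceProfiles"):
        findings.append(f"no instance profile contains role {role_name}")
    return findings

def _role(service):
    """Build a constructed get-role result trusting one service principal."""
    return {"Role": {"AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                       "Principal": {"Service": service}}]}}}

# Constructed sample data mirroring the situation described in the thread.
BROKEN_ROLE = _role("ssm.amazonaws.com")
FIXED_ROLE = _role(["ssm.amazonaws.com", "ec2.amazonaws.com"])
NO_PROFILES = {"InstanceProfiles": []}
ONE_PROFILE = {"InstanceProfiles": [{"InstanceProfileName": "MyDirectoryRole"}]}

if __name__ == "__main__":
    for finding in diagnose("MyDirectoryRole", BROKEN_ROLE, NO_PROFILES):
        print("FINDING:", finding)
```

The check only matches the exact action string sts:AssumeRole, so a trust policy that uses a wildcard action would need that case added.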
