Elastic Beanstalk, Unable to assume role "arn:aws:iam::xxxxxxx:role/aws-elasticbeanstalk-service-role". Verify that the role exists and is configured correctly.
One of My Beanstalk environment started to be in sever/degraded status and showing me the error
Unable to assume role "arn:aws:iam::xxxxxx:role/aws-elasticbeanstalk-service-role". Verify that the role exists and is configured correctly.
Upon checking, there is nothing changed in this service role, and all my other EB enviornment using this service role works fine. The service role has two managed policis (AWSElasticBeanstalkEnhancedHealth & AWSElasticBeanstalkService) attached with proper trust relashionship setup as below. I also confirmed my USER IAM policy is Admin, which give access to do anything (including assume/pass roles). What else can be causing this error? How do I fix it
{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "elasticbeanstalk.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "elasticbeanstalk" } } } ] }
Hi,
From the case notes I understand that you are getting the error Unable to assume role "arn:aws:iam::xxxxxx:role/aws-elasticbeanstalk-service-role", in your elastic beanstalk environment.
Per the Elastic Beanstalk documentation the trust policy that you have for your service role is correct. I am attaching the following documentation for that here (1). After testing I was not able to replicate this issue in my account as Elastic Beanstalk was successfully able to assume the service role with this trust policy. Based off of this I would recommend opening a case with AWS support in order to allow a support engineer to better troubleshoot the issue.
I hope you have a great rest of your day!
References
(1) https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-servicerole.html#iam-servicerole-console
Relevant questions
Elastic Beanstalk, Unable to assume role "arn:aws:iam::xxxxxxx:role/aws-elasticbeanstalk-service-role". Verify that the role exists and is configured correctly.
asked a month agoElastic Beanstalk stuck aborting current environment operation
asked 4 months agoUnable to swap Environment URL's on Elastic Beanstalk
asked 4 years agoHow to deploy to single instance Elastic Beanstalk worker environment using CodePipeline?
asked 6 months agoElastic Beanstalk Environment is stuck on Terminating for 2 hours now
asked 2 years agoError "Unable to create the application version" in elastic beanstalk
asked 5 months agoElastic Beanstalk environment does not terminate
asked 3 years agoElastic Beanstalk health is in Severe
asked 5 months agoUnable to delete my Elastic Beanstalk environment
asked 3 years agoGreenGrass is not authorized to assume the Service Role
Accepted Answerasked 2 years ago