Cannot create elastic beanstalk environment correctly.

Question

I have read the document:
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-instanceprofile.html

And I have created the role aws-elasticbeanstalk-ec2-role and add the policies: AWSElasticBeanstalkWebTier, AWSElasticBeanstalkWorkerTier, AWSElasticBeanstalkMulticontainerDocker.
But the error still occurs. See the screenshots.
![Enter image description here](/media/postImages/original/IMfMCNbniHR0S6QI-t5lWqQA)
![Enter image description here](/media/postImages/original/IMSU1jju_5Q_C4Fg4JqItmWQ)
![Enter image description here](/media/postImages/original/IMPxGHyDI_RoKwUqW86WmwZQ)
![Enter image description here](/media/postImages/original/IMxhEY57NTQX2leXWo90w-kA)

Basically, I am following the docker tutorial steps here:
https://docker-curriculum.com/#docker-on-aws

Answer

okay... I finally figure it out.
I didn't select an EC2 instance profile. After I added that, there is no error.

Answer

For service role you need this as trusted entity (can be without conditions):

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "elasticbeanstalk.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "elasticbeanstalk"
                }
            }
        }
    ]
}
```
And add this managed policy as a policy: **AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy**

For EC2 instance role you need this as trusted entity, also add needed permissions.

```
{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```

Cannot create elastic beanstalk environment correctly.

相關內容