Unable to attach the Instance Profile Role to EC2

Question

Hi,

I'm getting this error while trying to attach an instance profile role under EC2 -> Security -> modify IAM Role:-

![Enter image description here](/media/postImages/original/IMRhqucNSPRoiVSfZA0ykEVg)

```
Failed to describe Instance Profiles
Failed to describe Instance Profiles. User: arn:aws:sts::336247864862:assumed-role/test/vkshs is not authorized to perform: iam:ListInstanceProfiles on resource: arn:aws:iam::336247864862:instance-profile/ because no identity-based policy allows the iam:ListInstanceProfiles action.
```

It seems like policy issue attached to my identity.
Kindly suggest me its root cause and what policy is required here to fix it.

Regards,
Vinod Kumar

Accepted Answer

**<>**

You need to add following permission to your user/role for resource "instance profile name" through which you are logging to. this account:

Action:

iam:ListInstanceProfiles

Policy to list EC2 and InstanceProfile would look like as below:

{
            "Sid": "ListEc2AndListInstanceProfiles",
            "Effect": "Allow",
            "Action": [
                "iam:ListInstanceProfiles",
                "ec2:Describe*",
                "ec2:Search*",
                "ec2:Get*"
            ],
            "Resource": "*"
        }
[Reference documentation](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)

Once you add this to your role, you should be able to list instance profile.

Important point to note here is, AmazonEC2FullAccess managed policy doesn't have this permission however IAMReadOnlyAccess policy provides this access to all profiles, you may consider adding this policy too.

Hope you find this useful.

Abhishek.

Unable to attach the Instance Profile Role to EC2

相關內容