1 Answer
<<Remove your account id from the question error message at earliest.>>
You need to add the following permission to your user/role for resource "instance profile name" through which you are logging in to this account:
Action:
iam:ListInstanceProfiles
A policy to list EC2 and instance profiles would look like the one below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListEc2AndListInstanceProfiles",
      "Effect": "Allow",
      "Action": [
        "iam:ListInstanceProfiles",
        "ec2:Describe*",
        "ec2:Search*",
        "ec2:Get*"
      ],
      "Resource": "*"
    }
  ]
}
Once you add this to your role, you should be able to list instance profiles.
An important point to note here is that the AmazonEC2FullAccess managed policy doesn't have this permission; however, the IAMReadOnlyAccess policy provides this access to all profiles, so you may consider adding this policy too.
Hope you find this useful.
Abhishek.
Thanks, your solution worked; however, when I select this role and click the 'Update IAM role' button, I get the following error as well:
Failed to attach instance profile You are not authorized to perform this operation. Encoded authorization failure message: 0v498g_npaKBtWgAS6pJbH.......................
There are two things here that you need to do:
aws sts decode-authorization-message --encoded-message "encode failure message" -> This will give you the details of the failure.
Please follow this re:Post Knowledge Center article, Attach or replace instance profile. Also see if you have iam:PassRole permissions already, as I have seen that to be an issue as well.
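
Added example, not part of the original thread: a small Python helper that reads the JSON printed by `aws sts decode-authorization-message` and reports which principal was denied which action on which resource, and whether the denial was explicit or implicit. The sample input is constructed (placeholder account id, names and ARNs), and the field names follow the decoded-message layout as commonly returned by STS, which is an assumption here.

```python
import json

# Constructed sample of what `aws sts decode-authorization-message` prints.
# Account id, names and ARNs are placeholders, not values from this thread.
SAMPLE_CLI_OUTPUT = json.dumps({
    "DecodedMessage": json.dumps({
        "allowed": False,
        "explicitDeny": False,
        "matchedStatements": {"items": []},
        "failures": {"items": []},
        "context": {
            "principal": {
                "id": "AIDAEXAMPLEID",
                "name": "example-user",
                "arn": "arn:aws:iam::111122223333:user/example-user",
            },
            "action": "iam:PassRole",
            "resource": "arn:aws:iam::111122223333:role/example-ec2-role",
            "conditions": {"items": []},
        },
    })
})


def summarize_denial(cli_output: str) -> dict:
    """Return who was denied which action on which resource, and why."""
    outer = json.loads(cli_output)
    # DecodedMessage is itself a JSON document serialized as a string.
    decoded = json.loads(outer["DecodedMessage"])
    ctx = decoded.get("context", {})
    if decoded.get("allowed"):
        reason = "allowed"
    elif decoded.get("explicitDeny"):
        reason = "explicit deny: a Deny statement matched this request"
    else:
        reason = "implicit deny: no Allow statement covers this action/resource"
    return {
        "principal": ctx.get("principal", {}).get("arn"),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        "reason": reason,
        "matched_statements": decoded.get("matchedStatements", {}).get("items", []),
    }


if __name__ == "__main__":
    for key, value in summarize_denial(SAMPLE_CLI_OUTPUT).items():
        print(f"{key}: {value}")
```

The identity running the decode command needs the `sts:DecodeAuthorizationMessage` permission.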