AWS IAM role is not listed in the IAM roles dropdown menu for EC2
Explore my other articles about AWS services:
- Get all AWS Backup protected resources across all profiles and regions
- Get all AWS Backup recovery points grouped by resource name across all profiles and regions
- Get all AWS EBS snapshots across all profiles and regions
- Get all AWS EC2 instances across all profiles and regions
Introduction
When managing AWS EC2 instances, encountering an issue where an IAM role is not listed in the IAM roles available for EC2 can be a frustrating roadblock. This problem can hinder your ability to manage permissions and access for your instances, potentially affecting the overall security and functionality of your applications. In this article, we will delve into a comprehensive solution to address this issue, ensuring that your IAM roles are correctly listed and available for assignment to EC2 instances. By following our step-by-step guide, you can resolve this issue efficiently and maintain a smooth and secure operational environment for your AWS resources.
Assumptions
- The AWS IAM role has already been created.
- The AWS EC2 instance is not associated with an IAM instance profile.
Prerequisites
- Install and configure AWS Tools for PowerShell.
- Log in to all required AWS accounts/profiles.
- Set your IAM permissions to allow access to the required resources.
- The InstanceId of the target AWS EC2 instance.
PowerShell Cmdlets
- New-IAMInstanceProfile Creates a new instance profile.
- Add-IAMRoleToInstanceProfile Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this quota cannot be increased.
- Register-EC2IamInstanceProfile Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance.
- Get-EC2IamInstanceProfileAssociation Describes your IAM instance profile associations.
Resolution
The dropdown list of IAM roles in the EC2 console is actually built from instance profiles, not from IAM roles. Therefore, if a specific IAM role is missing from the list, the usual cause is that no instance profile containing that role exists.
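As an added example (not code from the original post), the following PowerShell audit lists every IAM role whose trust policy allows the EC2 service to assume it but that has no instance profile, which is exactly the set of roles that will be absent from the console dropdown. It assumes AWS Tools for PowerShell is installed and the named profile is already logged in; the `$Profile` and `$Region` values and the `Test-TrustsEc2` helper are placeholders and assumptions of this example.

```powershell
# Added example, not part of the original post: find IAM roles that trust the EC2
# service but have no instance profile. Such roles never appear in the EC2
# "IAM role" dropdown, because that list is built from instance profiles.
# Assumes AWS Tools for PowerShell and a logged-in profile; $Profile and
# $Region are placeholders.
$Profile = "Production"
$Region  = "us-east-1"
$common  = @{ ProfileName = $Profile; Region = $Region }

function Test-TrustsEc2 {
    # The trust policy is returned URL-encoded; decode it and look for an Allow
    # statement whose Service principal includes ec2.amazonaws.com.
    param([string]$EncodedPolicy)
    $doc = [System.Uri]::UnescapeDataString($EncodedPolicy) | ConvertFrom-Json
    foreach ($stmt in @($doc.Statement)) {
        if ($stmt.Effect -eq 'Allow' -and (@($stmt.Principal.Service) -contains 'ec2.amazonaws.com')) {
            return $true
        }
    }
    return $false
}

$report = foreach ($role in Get-IAMRoleList @common) {
    # Service-linked roles cannot have instance profiles; skip them.
    if ($role.Path -like '/aws-service-role/*') { continue }
    # Roles that do not trust EC2 are not meant for instances; skip them too.
    if (-not (Test-TrustsEc2 -EncodedPolicy $role.AssumeRolePolicyDocument)) { continue }

    $profiles = @(Get-IAMInstanceProfileForRole -RoleName $role.RoleName @common)
    [pscustomobject]@{
        RoleName          = $role.RoleName
        InstanceProfiles  = ($profiles.InstanceProfileName -join ', ')
        VisibleInDropdown = ($profiles.Count -gt 0)
    }
}

# Rows with VisibleInDropdown = False are the roles missing from the console.
$report | Sort-Object VisibleInDropdown, RoleName | Format-Table -AutoSize
```

The InstanceProfiles column also shows cases where the instance profile name differs from the role name, which is a second common reason the expected name does not appear in the list.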
To resolve this issue, we will follow these three steps:
- Create a new instance profile.
- Add the required IAM role to the new instance profile.
- Associate the new IAM instance profile with a running or stopped EC2 instance.
First, create a new instance profile
We will ensure that the instance profile and IAM role have the same name.
$Profile = "Production"
$Region = "us-east-1"
# Use the same name for both the instance profile and IAM role.
$RoleName = "EC2PatchRole"
$InstanceId = "i-0726c142123456789"

New-IAMInstanceProfile -ProfileName $Profile `
    -Region $Region `
    -InstanceProfileName $RoleName
Second, add the required IAM role to the new instance profile
Add the specified IAM role to the specified instance profile. An instance profile can contain only one role.
# Use the same name for both the instance profile and IAM role.
Add-IAMRoleToInstanceProfile -ProfileName $Profile `
    -Region $Region `
    -InstanceProfileName $RoleName `
    -RoleName $RoleName
Third, associate the new IAM instance profile with an EC2 instance
Associate the new IAM instance profile with an EC2 instance. You cannot associate more than one IAM instance profile with an instance.

# $IamInstanceProfile_Name is the same as the IAM role name.
Register-EC2IamInstanceProfile -ProfileName $Profile `
    -Region $Region `
    -IamInstanceProfile_Name $RoleName `
    -InstanceId $InstanceId
Finally, verify that the EC2 instance is associated with the IAM role
Finally, verify the EC2 instance association by reading back the ARN of the attached instance profile.

(Get-EC2IamInstanceProfileAssociation -ProfileName $Profile -Region $Region |
    Where {$_.InstanceId -eq $InstanceId}).IamInstanceProfile.Arn
<#
arn:aws:iam::217907012345:instance-profile/EC2PatchRole
#>
All Script Commands
For reference, the complete set of commands used to resolve the issue:

$Profile = "Production"
$Region = "us-east-1"
# Use the same name for both the instance profile and IAM role.
$RoleName = "EC2PatchRole"
$InstanceId = "i-0726c142123456789"

New-IAMInstanceProfile -ProfileName $Profile `
    -Region $Region `
    -InstanceProfileName $RoleName

Add-IAMRoleToInstanceProfile -ProfileName $Profile `
    -Region $Region `
    -InstanceProfileName $RoleName `
    -RoleName $RoleName

Register-EC2IamInstanceProfile -ProfileName $Profile `
    -Region $Region `
    -IamInstanceProfile_Name $RoleName `
    -InstanceId $InstanceId

(Get-EC2IamInstanceProfileAssociation -ProfileName $Profile -Region $Region |
    Where {$_.InstanceId -eq $InstanceId}).IamInstanceProfile.Arn
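The script above is written for the happy path. As an added example that is not the original post's script, the version below performs the same three steps idempotently: it confirms the role exists, creates the instance profile only when it is missing, refuses to overwrite a profile that already holds a different role, stops if the instance already has an active association, retries the association to ride out IAM propagation delay, and verifies the final state. It assumes AWS Tools for PowerShell and a logged-in profile; `$Profile`, `$Region`, `$RoleName` and `$InstanceId` are placeholders, and `Get-ActiveAssociation` is a helper defined here, not an AWS cmdlet.

```powershell
# Added example, not the original post's script: idempotent version of the
# three-step fix with precondition checks, a propagation retry and verification.
# Assumes AWS Tools for PowerShell and a logged-in profile; the four values
# below are placeholders to replace with your own.
$Profile    = "Production"
$Region     = "us-east-1"
$RoleName   = "EC2PatchRole"
$InstanceId = "i-0123456789abcdef0"
$common     = @{ ProfileName = $Profile; Region = $Region; ErrorAction = 'Stop' }

function Get-ActiveAssociation {
    # Helper defined for this example: the current (associating/associated)
    # instance profile association of one instance, or $null if there is none.
    param([string]$Id)
    Get-EC2IamInstanceProfileAssociation @common |
        Where-Object { $_.InstanceId -eq $Id -and $_.State.Value -in 'associating', 'associated' }
}

# 1. The role must already exist (a precondition of this procedure). Its trust
#    policy must also allow ec2.amazonaws.com, or the instance cannot use it.
$null = Get-IAMRole -RoleName $RoleName @common

# 2. Create the instance profile only if it does not already exist; it carries
#    the same name as the role so the console shows the expected entry.
try {
    $instanceProfile = Get-IAMInstanceProfile -InstanceProfileName $RoleName @common
} catch {
    $instanceProfile = New-IAMInstanceProfile -InstanceProfileName $RoleName @common
}

# 3. An instance profile holds at most one role: add ours if it is empty, and
#    fail loudly rather than silently reuse a profile that holds another role.
if ($instanceProfile.Roles.Count -eq 0) {
    Add-IAMRoleToInstanceProfile -InstanceProfileName $RoleName -RoleName $RoleName @common
} elseif ($instanceProfile.Roles[0].RoleName -ne $RoleName) {
    throw "Instance profile '$RoleName' already contains role '$($instanceProfile.Roles[0].RoleName)'."
}

# 4. An instance can have only one association; stop if one is already active.
$existing = Get-ActiveAssociation -Id $InstanceId
if ($existing) {
    throw "Instance $InstanceId already has instance profile $($existing.IamInstanceProfile.Arn)."
}

# 5. Associate. A freshly created profile, or a role just added to it, can take
#    a few seconds to become visible to EC2, so retry a bounded number of times.
$maxAttempts = 6
for ($attempt = 1; $attempt -le $maxAttempts; $attempt++) {
    try {
        Register-EC2IamInstanceProfile -IamInstanceProfile_Name $RoleName -InstanceId $InstanceId @common | Out-Null
        break
    } catch {
        if ($attempt -eq $maxAttempts) { throw }
        Start-Sleep -Seconds 5
    }
}

# 6. Verify that the instance now carries the expected instance profile.
$assoc = Get-ActiveAssociation -Id $InstanceId
if (-not $assoc -or $assoc.IamInstanceProfile.Arn -notlike "*:instance-profile/$RoleName") {
    throw "Verification failed for instance $InstanceId (found: $($assoc.IamInstanceProfile.Arn))."
}
"Instance $InstanceId is associated with $($assoc.IamInstanceProfile.Arn)"
```

Passing `ErrorAction = 'Stop'` through the splat turns the AWS cmdlets' errors into terminating ones, which is what makes the `try`/`catch` blocks in steps 2 and 5 reliable; without it, a failed `Get-IAMInstanceProfile` would merely write an error and the script would continue with an empty `$instanceProfile`.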
Conclusion
I used PowerShell and AWS Tools for PowerShell to resolve the issue of an AWS IAM role not being listed in the IAM roles dropdown menu for EC2.
Did you find this blog easy to follow and helpful? I would love to hear your feedback and suggestions, so please share them in the comments below.
Disclaimer
The code contained in this blog is solely for learning and demo purposes. The author will not be held responsible for any failure or damages caused by any other usage.