
How do I attach or replace an instance profile on an Amazon EC2 instance?

I want to attach or replace an instance profile on an Amazon Elastic Compute Cloud (Amazon EC2) instance.

Resolution

Requirement: You must have permission to launch EC2 instances and permission to pass AWS Identity and Access Management (IAM) roles.

To attach or replace an instance profile on an EC2 instance, create an IAM role. To create an IAM role, you can use the AWS Management Console or AWS Command Line Interface (AWS CLI). If you use the AWS CLI, then you must also use the AWS CLI to create the instance profile. The IAM role name and instance profile name can be different. When you use the AWS Management Console, the instance profile and role names are identical.

Create the IAM role

Use the AWS Management Console

Complete the following steps:

  1. Open the Amazon EC2 console, and then choose Instances.
  2. Select the instance that you want to attach to an IAM role.
  3. Under Details, locate IAM Role, and then verify that the IAM role is attached to the instance.
    Important: The instance's permissions change based on the attached IAM role. When you modify an IAM role, applications that run on the instance might be affected. Before you modify the IAM role, verify that applications running on the instance maintain access to AWS services.
  4. Choose the Actions menu, and then choose Security.
  5. Choose Modify IAM role.
    Note: Amazon EC2 uses an instance profile as a container for an IAM role.
  6. For Choose IAM role, choose the instance profile that you want to attach.
  7. Choose Save.

Use the AWS CLI

Note: If you receive errors when you run AWS CLI commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Note: In the following commands, replace PROFILENAME with your instance's profile name, ROLENAME with your role name, and INSTANCE-ID with your instance ID.

Complete the following steps:

  1. Run the following create-instance-profile command to create an instance profile:

    aws iam create-instance-profile --instance-profile-name PROFILENAME

  2. Run the following add-role-to-instance-profile command to add the role to the instance profile:

    aws iam add-role-to-instance-profile --instance-profile-name PROFILENAME --role-name ROLENAME

  3. Run the following associate-iam-instance-profile command to attach the instance profile to the instance:

    aws ec2 associate-iam-instance-profile --iam-instance-profile Name=PROFILENAME --instance-id INSTANCE-ID

    If an instance profile is already associated with the instance, then the associate-iam-instance-profile command fails. To resolve this issue, run the describe-iam-instance-profile-associations command to get the associated instance ID. Then, run the replace-iam-instance-profile-association command to replace the instance profile. Or, run the disassociate-iam-instance-profile command to detach the instance profile, and then run the associate-iam-instance-profile command again.

  4. Run the describe-iam-instance-profile-associations command to verify that the IAM role is attached to the instance:

    aws ec2 describe-iam-instance-profile-associations --filters Name=instance-id,Values=INSTANCE-ID
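
The following script is an added example, not AWS-provided code. It handles the failure case from step 3: it checks for an existing association first, calls replace-iam-instance-profile-association with that association's ID when one exists, and prints the previous profile ARN so that the permission change can be audited or rolled back. The function names and the use of the state filter are choices made for this example.

```shell
#!/bin/sh
# Added example (not AWS-provided). Function names are assumptions.
# Usage: sh attach-profile.sh INSTANCE-ID PROFILENAME

# Print "<association-id><TAB><profile-arn>" for the instance's live
# association, or "None" when no instance profile is attached.
current_association() {
  aws ec2 describe-iam-instance-profile-associations \
    --filters "Name=instance-id,Values=$1" \
              "Name=state,Values=associating,associated" \
    --query 'IamInstanceProfileAssociations[0].[AssociationId,IamInstanceProfile.Arn]' \
    --output text
}

# Associate the profile when nothing is attached; otherwise replace the
# existing association in place.
attach_or_replace_profile() {
  instance_id=$1
  profile=$2
  current=$(current_association "$instance_id") || return 1
  if [ -z "$current" ] || [ "$current" = "None" ]; then
    aws ec2 associate-iam-instance-profile \
      --instance-id "$instance_id" \
      --iam-instance-profile "Name=$profile" >/dev/null || return 1
    echo "associated $profile"
  else
    assoc_id=$(printf '%s\n' "$current" | cut -f1)
    prev_arn=$(printf '%s\n' "$current" | cut -f2)
    # Record the previous profile on stderr before the permissions change.
    echo "previous $prev_arn" >&2
    aws ec2 replace-iam-instance-profile-association \
      --association-id "$assoc_id" \
      --iam-instance-profile "Name=$profile" >/dev/null || return 1
    echo "replaced $assoc_id with $profile"
  fi
}

# Run only when both arguments are supplied.
if [ "$#" -eq 2 ]; then
  attach_or_replace_profile "$1" "$2"
fi
```
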

Related information

Use an IAM role to grant permissions to applications running on Amazon EC2 instances

Use instance profiles

Troubleshoot IAM and Amazon EC2