4

I have the following demo role created for AWS:

Demo Role Summary

with the following trust relationship:

Demo Role Trust Relationships

Now, I am trying to modify the role of an EC2 instance to be DemoRoleForEC2, but the role is not appearing in the dropdown list:

Modify IAM Role Page

According to this answer here: IAM Role not showing in aws console in Modify IAM role page , it should be working fine as the Trust Relationships are ok, but it is not.

Other things I tried was stopping and restarting the EC2 Instance, and trying to create the role from the "Modify Role for IAM" page, but none worked. Any idea what the issue might be?

Alberto A
  • 1,160
  • 4
  • 17
  • 35
  • Could AWS console issue. Have you tried using AWS CLI for that? – Marcin Dec 21 '21 at 02:24
  • Did you create the role from AWS Console or CLI? To attach the role to an instance you need additionally an Instance Profile. When creating via AWS Console it happens behind the scenes (created together with IAM Role) but if you are creating via CLI then you need to explicitly create it apart from IAM Role – OARP Dec 21 '21 at 05:47
  • 1
    I am new to AWS, following a course on Udemy, and am running into an identical issue. In my case both instance and role were created from the AWS Console. – Mike Strother Dec 21 '21 at 21:19
  • 1
    I'm following the exact same udemy course and had this issue. I created the role from the console, but haven't tried to set it from the CLI – Alberto A Dec 22 '21 at 01:47

3 Answers3

8

Just to update this answer, apparently, what is happening is that when creating a role, its instance profile is not being automatically created (I haven't figured out the reason yet). What I did was running these two commands on CLI:

aws iam create-instance-profile --instance-profile-name MyRoleInstanceProfile
aws iam add-role-to-instance-profile --role-name MyRole --instance-profile-name MyRoleInstanceProfile

And then the role will appear in the list in the "Modify Role for IAM" page.

Alberto A
  • 1,160
  • 4
  • 17
  • 35
  • I ran into the same issue a while ago. Not only I had to create a new instance profile with new role as mentioned above but also had to replace the existing ec2 instance profile using `aws ec2 associate-iam-instance-profile --instance-id --iam-instance-profile Name=MyRoleInstanceProfile aws ec2 replace-iam-instance-profile-association --association-id --iam-instance-profile Name=MyRoleInstanceProfile` Existing association details can be retrieved using `aws ec2 describe-iam-instance-profile-associations --region ` – keshav jois Jun 28 '22 at 03:39
1

One thing to check is the browser you are using to do this task and any browser extensions you may have installed.

I hit this issue where I was creating an EC2 role via the AWS console but it was not creating the instance profile.

I found the issue to be because I was using chrome and with the ClearURLs extension. I disabled this extension and when I then tried to create the role via the console, then the instance profile was also being created.

jaxim
  • 1,105
  • 9
  • 13
0

In my case I was creating an instance profile and adding a role with the CLI. Then, the instance profile was not showing up on EMR but it was appearing on EC2. After several attempts I tried naming the instance profile and the role with the same name (and no special characters), and then it worked.

Pol Santamaria
  • 41
  • 3