Don’t know how to Attach an instance profile to EC2? We can help you.
Here, at Bobcares, we assist our customers with several AWS queries as part of our AWS Support Services.
Today let us see the steps our Engineers employ to perform the same.
Attach instance profile to EC2
If we create the AWS IAM role via AWS Management Console and select EC2 as the AWS service, the instance profile and role names are the same.
On the other hand, if we create the IAM role via AWS CLI, we must also create the instance profile using the AWS CLI. The IAM role name and instance profile name can be different.
In order to avoid errors, we make sure to use the most recent version of the AWS CLI.
We must have permission to launch EC2 instances and to pass IAM roles.
AWS Management Console
1. Initially, we open the Amazon EC2 console and select Instances.
2. After that, we select the instance that we want to attach an IAM role.
3. Under the details pane, we can check if an IAM role is attached or not. If it exists, changing the role doesn’t affect the applications or access to AWS services.
4. Then we select Actions, Security, and then Modify IAM role.
5. From the Choose IAM role dropdown list, we select the instance profile that we want to attach.
6. Finally, we select the option, Save.
AWS Command Line Interface (AWS CLI)
Before we attach the instance profile to the EC2 instance, we add the role to it.
1. In case we don’t have an instance profile, we can run the following command:
aws iam create-instance-profile --instance-profile-name EXAMPLEPROFILENAME
2. Then to add the role to the instance profile, we run:
$ aws iam add-role-to-instance-profile --instance-profile-name EXAMPLEPROFILENAME --role-name EXAMPLEROLENAME
3. In addition, we can attach the instance profile to the EC2 instance using the command below:
$ aws ec2 associate-iam-instance-profile --iam-instance-profile Name=EXAMPLEPROFILENAME --instance-id i-012345678910abcde
However, if we have an instance profile, the associate-iam-instance-profile command will fail.
To resolve this, first, we run the describe-iam-instance-profile-associations command and get the associated instance ID.
Then, perform either of the following:
To replace the instance profile, we can run the replace-iam-instance-profile-association command.
We can run the disassociate-iam-instance-profile command to detach the instance profile, and then rerun the associate-iam-instance-profile command.
4. Finally, to verify that the IAM role attaches to the instance, we run:
$ aws ec2 describe-iam-instance-profile-associations --filters Name=instance-id,Values=i-012345678910abcde
[Need further assistance? We are here to assist you]
In short, we saw how our Support Techs attach or replace instance profiles to EC2.