How to launch an EC2 instance with IAM-Role?

0 votes

I can launch ec2-instance with iam-role in management console. But how do I launch ec2-instance with iam-role from aws-ruby-sdk?

iam-role "test"'s policy is here:
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"

This was the result.

/var/lib/gems/1.8/gems/aws-sdk-1.7.1/lib/aws/core/client.rb:318:in `return_or_raise': 
You are not authorized to perform iam:PassRole with arn:aws:iam::xxxxxxxxxxx:role/test 
(AWS::EC2::Errors::UnauthorizedOperation)

Sep 3, 2018 in AWS by datageek
• 2,440 points
86 views

1 answer to this question.

0 votes

The credentials you are using from your Ruby script do not have permission to launch an instance using the 'test' IAM Role. You need to modify the policy for this user and grant it the iam:PassRole permission. For example:

{
  "Statement": [{
      "Effect":"Allow",
      "Action":"ec2:RunInstances",
      "Resource":"*"
    },
    {
      "Effect":"Allow",
      "Action":"iam:PassRole",
      "Resource":"arn:aws:iam::xxxxxxxxxxx:role/test"
    }]
}

This is a security feature - it is possible to mis-configure IAM to allow privilege escalations, so AWS uses a "secure by default" policy.

You could also use this policy to allow your users to launch instances using any IAM role - but make sure you are aware of security implications before doing this:

    {
      "Effect":"Allow",
      "Action":"iam:PassRole",
      "Resource":"*"
    }

answered Sep 3, 2018 by Archana
• 4,090 points
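
As an added example (not part of the original answer), this Ruby check flags policy statements that grant iam:PassRole on a wildcard resource, the broad variant the answer cautions about. The policy documents are constructed from the snippets above, and the helper names are hypothetical.

```ruby
require 'json'

# Constructed sample: the scoped policy from the answer (account id is the page's placeholder).
SCOPED_POLICY = <<~JSON
  {"Statement": [
    {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::xxxxxxxxxxx:role/test"}
  ]}
JSON

# Constructed sample: the same policy with the answer's wildcard PassRole statement.
WILDCARD_POLICY = <<~JSON
  {"Statement": [
    {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}
  ]}
JSON

# Constructed sample: the allow-everything statement shown in the question.
ADMIN_POLICY = '{"Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}'

# True when an IAM action pattern (which may contain * or ?) matches iam:PassRole.
def covers_pass_role?(pattern)
  regex = Regexp.escape(pattern).gsub('\*', '.*').gsub('\?', '.')
  'iam:PassRole'.match?(/\A#{regex}\z/i)
end

# Returns the Allow statements that grant iam:PassRole on a wildcard resource.
# NotAction / NotResource and Condition blocks are not evaluated here.
def broad_pass_role_statements(policy_json)
  statements = JSON.parse(policy_json)['Statement']
  statements = [statements].compact unless statements.is_a?(Array) # single-object form
  statements.select do |stmt|
    stmt['Effect'] == 'Allow' &&
      Array(stmt['Action']).any? { |a| covers_pass_role?(a) } &&
      Array(stmt['Resource']).any? { |r| r.include?('*') }
  end
end

if __FILE__ == $PROGRAM_NAME
  samples = { 'scoped' => SCOPED_POLICY, 'wildcard' => WILDCARD_POLICY, 'admin' => ADMIN_POLICY }
  samples.each do |name, doc|
    actions = broad_pass_role_statements(doc).map { |s| s['Action'] }
    puts(actions.empty? ? "#{name}: ok" : "#{name}: broad iam:PassRole via #{actions.inspect}")
  end
end
```

A statement flagged here lets its holder pass any role matching the wildcard to a new instance, so the role ARN should be narrowed to the specific roles that are meant to be launched.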
