How to launch an EC2 instance with IAM-Role?

0 votes

I can launch ec2-instance with iam-role in management console. But how do i launch ec2-instance with iam-role from aws-ruby-sdk?

iam-role "    test"'s Policy is here
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"

This was the result.

/var/lib/gems/1.8/gems/aws-sdk-1.7.1/lib/aws/core/client.rb:318:in `return_or_raise': 
You are not authorized to perform iam:PassRole with arn:aws:iam::xxxxxxxxxxx:role/test 
(AWS::EC2::Errors::UnauthorizedOperation)

Sep 3, 2018 in AWS by datageek
• 2,390 points
42 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

The credentials you are using from your Ruby script do not have permission to launch an instance using the 'test' IAM Role. You need to modify the policy for this user, and grant it the IAM : PassRole permission, For e.g:

{
  "Statement": [{
      "Effect":"Allow",
      "Action":"ec2:RunInstances",
      "Resource":"*"
    },
    {
      "Effect":"Allow",
      "Action":"iam:PassRole",
      "Resource":"arn:aws:iam::xxxxxxxxxxx:role/test"
    }]
}

This is a security feature - it is possible to mis-configure IAM to allow privilege escalations, so AWS uses a "secure by default" policy.

You could also use this policy to allow your users to launch instances using any IAM role - but make sure you are aware of security implications before doing this:

  {
      "Effect":"Allow",
      "Action":"iam:PassRole",
      "Resource":"*"
    }]

answered Sep 3, 2018 by Archana
• 3,770 points

Related Questions In AWS

0 votes
1 answer
0 votes
1 answer

How to safely upgrade an Amazon EC2 instance from t1.micro to large?

Using AWS Management Console: Right-Click on the instance Instance ...READ MORE

answered Oct 8, 2018 in AWS by Priyaj
• 56,120 points
21 views
+1 vote
2 answers

How to launch and access an instance using AWS-CLI?

aws ec2 run-instances --image-id ami-id --key-name yourkeyname ...READ MORE

answered Feb 23 in AWS by Shashank
• 1,350 points
79 views
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

Does it make sense to have an Amazon Elastic Load Balancer with just one EC2 instance?

Well you are right Elastic Load Balancer ...READ MORE

answered Mar 20 in AWS by ArchanaNagur
• 1,150 points
20 views
0 votes
1 answer

How to add IAM role to an existing instance in aws?

As of AWS CLI v1.11.46,  you can ...READ MORE

answered Sep 6, 2018 in AWS by Archana
• 3,770 points
29 views
0 votes
1 answer

How to recover lost private key of an EC2 instance?

I'm afraid it's not possible When you launch ...READ MORE

answered Sep 25, 2018 in AWS by Archana
• 3,770 points
47 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.