AWS Security Blog

Easily Replace or Attach an IAM Role to an Existing EC2 Instance by Using the EC2 Console

April 13, 2022: This blog is out of date. Please refer to this documentation for updated info: Amazon Elastic Compute Cloud User Guide


AWS Identity and Access Management (IAM) roles enable your applications running on Amazon EC2 to use temporary security credentials. IAM roles for EC2 make it easier for your applications to make API requests securely from an instance because they do not require you to manage AWS security credentials that the applications use. Recently, we enabled you to use temporary security credentials for your applications by attaching an IAM role to an existing EC2 instance by using the AWS CLI and SDK. To learn more, see New! Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI.

Starting today, you can attach an IAM role to an existing EC2 instance from the EC2 console. You can also use the EC2 console to replace an IAM role attached to an existing instance. In this blog post, I will show how to attach an IAM role to an existing EC2 instance from the EC2 console.

Attach an IAM role to an existing EC2 instance from the EC2 console

To attach an IAM role to an existing EC2 instance from the EC2 console:

  1. Navigate to the EC2 console.
  2. Choose Instances in the navigation pane.
  3. Select the instance to which you want to attach an IAM role. To ensure an IAM role is not already attached, verify that the value of the IAM role on the Description tab of the instance is empty.
    Screenshot of the IAM role value being empty
  4. Choose Actions, choose Instance Settings and then Attach/Replace IAM role from the drop-down list.
    Screenshot of choosing Attach/Replace IAM role
  5. On the Attach/Replace IAM role page, choose a role to attach (in this example, I choose EC2Role1) from the drop-down list.
    Screenshot of choosing the IAM role
    Note: You also can create a new role by choosing Create new IAM role. To learn more, see To create an IAM role using the IAM console.
  6. After choosing the IAM role, proceed to the next step by choosing Apply.

In my case, the IAM role was successfully attached to the EC2 instance, as shown in the following screenshot.

Screenshot showing that the IAM role was successfully attached

To confirm that the role is attached to the desired EC2 instance, I navigate to the instance detail page where I see that EC2Role1 is the IAM role, as shown in the following screenshot.

Screenshot showing EC2Role1 as the IAM role
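
The same attach-or-replace procedure scripted with the AWS CLI, as an added example that is not part of the original post: it repeats the step 3 check for an existing association before deciding which call to make. The instance ID you pass in is a placeholder of your choosing, and the script assumes the instance profile has the same name as the role (for example EC2Role1), which is the case for roles created in the IAM console.

```shell
#!/usr/bin/env bash
# Added example: attach or replace an IAM instance profile on a running instance.
# Assumes the AWS CLI is configured and the profile name equals the role name.

# Print the association ID of the profile currently attached to instance $1,
# or nothing if no profile is attached (the console's "IAM role is empty" check).
current_association() {
  local out
  out=$(aws ec2 describe-iam-instance-profile-associations \
    --filters "Name=instance-id,Values=$1" \
    --query "IamInstanceProfileAssociations[?State=='associated'].AssociationId" \
    --output text) || return 1
  if [ "$out" = "None" ]; then out=""; fi
  printf '%s' "$out"
}

# Attach profile $2 to instance $1, replacing any existing association.
# Prints "attached" or "replaced" so callers can log which path was taken.
attach_or_replace_role() {
  local instance_id="$1" profile="$2" assoc
  assoc=$(current_association "$instance_id") || return 1
  if [ -z "$assoc" ]; then
    aws ec2 associate-iam-instance-profile \
      --instance-id "$instance_id" \
      --iam-instance-profile "Name=$profile" >/dev/null || return 1
    echo "attached"
  else
    aws ec2 replace-iam-instance-profile-association \
      --association-id "$assoc" \
      --iam-instance-profile "Name=$profile" >/dev/null || return 1
    echo "replaced"
  fi
}

# Usage: ./attach-role.sh <instance-id> <instance-profile-name>
if [ "$#" -eq 2 ]; then
  attach_or_replace_role "$1" "$2"
fi
```

Because the replace path silently swaps whatever was attached before, logging the returned "attached" or "replaced" value gives you a record of instances whose permissions changed rather than were newly granted.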

If you have comments about this post, submit them in the “Comments” section below. If you have questions or suggestions, please start a new thread on the IAM forum.

– Mari