I created a new AWS Identity and Access Management (IAM) role, but I can't find the role in the drop-down list when I launch an instance.

The drop-down list includes instance profiles and not IAM roles, but you can add an IAM role to an instance profile. You must choose the instance profile that has the required IAM role added to it.

Follow these steps to create a new IAM role that is linked to an instance profile, so you can choose the instance profile from the drop-down list when you launch your instance. There are two ways to create a new IAM role that is linked to an instance profile: by using the AWS Identity and Access Management console or the AWS Command Line Interface (AWS CLI).

Using the AWS Identity and Access Management console

1.    Open the AWS Identity and Access Management console.

2.    In the navigation pane, under Roles, choose Create role.

3.    Choose EC2 as the AWS service, and select EC2 as your use case.

4.    Attach the appropriate permissions policies for your use case, and choose Next.

When you select EC2 as your use case, a trust relationship is created for Amazon Elastic Compute Cloud (Amazon EC2). The console also creates an instance profile, gives it the same name as the IAM role, and adds the IAM role to that instance profile. If EC2 isn't selected when the IAM role is created, no instance profile or trust relationships are created for Amazon EC2.

Using the AWS CLI

1.    Create a file named Test-Role-Trust-Policy.json and paste the following policy in the file:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

2.    Create an IAM role by running the following command:

$ aws iam create-role --role-name Test-Role --assume-role-policy-document file://Test-Role-Trust-Policy.json

3.    Create an instance profile by running the following command:

$ aws iam create-instance-profile --instance-profile-name Webserver

4.    Add an IAM role to the instance profile by running the following command:

$ aws iam add-role-to-instance-profile --role-name Test-Role --instance-profile-name Webserver

Note: If the IAM roles and instance profiles have different names, you must select the instance profile that has the required IAM role added to it when launching an EC2 instance. The IAM role will not be listed in the drop-down list.  
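The following is an added example, not AWS's own code. It takes JSON shaped like the output of aws iam list-instance-profiles and reports which instance profile to choose for a given role, and whether that role's trust policy actually lets ec2.amazonaws.com call sts:AssumeRole. The sample data is constructed: Test-Role and Webserver come from the steps above, while Batch-Profile, Lambda-Only-Role, Empty-Profile and the function names are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws iam list-instance-profiles` output.
SAMPLE = json.loads("""
{"InstanceProfiles": [
  {"InstanceProfileName": "Webserver", "Roles": [{"RoleName": "Test-Role",
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [
      {"Sid": "", "Effect": "Allow", "Action": "sts:AssumeRole",
       "Principal": {"Service": "ec2.amazonaws.com"}}]}}]},
  {"InstanceProfileName": "Batch-Profile", "Roles": [{"RoleName": "Lambda-Only-Role",
    "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": {
      "Effect": "Allow", "Action": ["sts:AssumeRole"],
      "Principal": {"Service": ["lambda.amazonaws.com"]}}}}]},
  {"InstanceProfileName": "Empty-Profile", "Roles": []}
]}
""")

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Service and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusts_ec2(policy):
    """True if an Allow statement lets ec2.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        # A bare string principal such as "*" names no service principal.
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "ec2.amazonaws.com" in services
                and "sts:AssumeRole" in _as_list(stmt.get("Action"))):
            return True
    return False

def profiles_for_role(listing, role_name):
    """Map each instance profile holding role_name to whether EC2 can assume it."""
    result = {}
    for profile in listing.get("InstanceProfiles", []):
        for role in profile.get("Roles", []):
            if role["RoleName"] == role_name:
                doc = role.get("AssumeRolePolicyDocument", {})
                result[profile["InstanceProfileName"]] = trusts_ec2(doc)
    return result

if __name__ == "__main__":
    for name in ("Test-Role", "Lambda-Only-Role", "Missing-Role"):
        print(name, profiles_for_role(SAMPLE, name))
```

An empty result means the role is in no instance profile and cannot be selected at launch. A value of False means the role is in a profile, but its trust policy does not allow Amazon EC2 to assume it.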



Published: 2017-07-19

Updated: 2018-01-24