AWS Elastic Beanstalk unable to assume role
D

4

6

I was following the tutorial here for a Ruby on Rails app to deploy to AWS using Elastic Beanstalk. I am getting the error

Unable to assume role "arn:aws:iam::xxxxxxxxxx:role/aws-elasticbeanstalk-service-role". 
Verify that the role exists and is configured correctly.

So I created a Role in IAM, and gave the AWSElasticBeanstalkFullAccess policy so far. I am wondering what I missed.

Also, when I do eb open, it gives me a 502 Bad Gateway Error. Is this related to the above error?

Diarmit answered 18/12, 2015 at 2:31 Comment(1)
Please check this detailed answer to ensure that the IAM roles (service role and instance profile) required for Elastic Beanstalk to work properly are configured correctly: https://mcmap.net/q/428462/-aws-elastic-beanstalk-sample-app-not-able-to-use-role-to-obtain-required-permissions-for-managed-updates - Kareenkarel
M
1

I had this same problem. To fix it, I just created a new role instead of using the default role option.

template.yml:

AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template to create a service role for Elastic Beanstalk

Resources:

  ElasticBeanstalkServiceRole:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: 'cicd-role'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: 'Allow'
            Action: 'sts:AssumeRole'
            Principal:
              Service: 'elasticbeanstalk.amazonaws.com'
      Description: 'Allows Elastic Beanstalk to create and manage AWS resources on your behalf.'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk
        - arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth
        - arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService

Outputs:
  RoleArn:
    Description: 'ARN of the Elastic Beanstalk service role'
    Value: !GetAtt [ElasticBeanstalkServiceRole, Arn]

Or in the AWS Management Console:

  • Roles > Create
  • Trusted entity type > AWS service
  • Use case > Elastic Beanstalk
  • (Everything else as default)
  • Create

Lastly: eb create "$EB_CONFIG-env" --platform "$EBS_PLATFORM" --service-role "$EB_SERVICE_ROLE"

Marrissa answered 29/10, 2023 at 7:47 Comment(0)
D
0

Some people are suggesting creating a new role. I managed to get rid of that error by taking the default role provided and updating the trust policy.

It started with:

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
          "Service": "elasticbeanstalk.amazonaws.com"
        }
      }
    ]
}

I changed it to

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
          "Service": "elasticbeanstalk.amazonaws.com"
        },
        "Action": "sts:AssumeRole",
        "Condition": {
          "StringEquals": {
            "sts:ExternalId": "elasticbeanstalk"
          }
        }
      }
    ]
}

It is described here:

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-servicerole.html#iam-servicerole-console

Depew answered 25/2 at 14:7 Comment(0)
E
0

I somehow had a role with name aws-elasticbeanstalk-service-role, but ARN arn:aws:iam::XXXX:role/service-role/aws-elasticbeanstalk-service-role.

This meant Elastic Beanstalk was unable to create or assume the default ARN arn:aws:iam::XXXX:role/aws-elasticbeanstalk-service-role.

The solution was to delete the existing role (after switching existing projects to a backup role) and then create a new one with the correct name and ARN.

Exertion answered 2/9 at 20:29 Comment(0)
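The two answers above point at two separate causes of the "Unable to assume role" error: a trust policy statement without sts:AssumeRole, and a role whose ARN carries a service-role/ path the error message does not expect. The following is an added example, not code from any of the posts, that checks a role for both; the function names and the account ID 111122223333 are placeholders chosen for illustration, and action matching is exact (no wildcards).

```python
import json

EB_PRINCIPAL = "elasticbeanstalk.amazonaws.com"

def as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trust_policy_problems(policy):
    """Return the reasons Elastic Beanstalk cannot assume a role with this trust policy."""
    problems = []
    for stmt in as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or EB_PRINCIPAL not in services:
            continue
        if "sts:AssumeRole" not in as_list(stmt.get("Action")):
            problems.append("statement trusts the service but has no sts:AssumeRole action")
            continue
        ext_id = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext_id is not None and "elasticbeanstalk" not in as_list(ext_id):
            problems.append("sts:ExternalId condition does not allow 'elasticbeanstalk'")
            continue
        return []  # one usable statement is enough
    return problems or [f"no Allow statement names {EB_PRINCIPAL} as principal"]

def arn_problem(expected_arn, actual_arn):
    """Compare the ARN from the error message with the ARN of the role that exists."""
    if expected_arn == actual_arn:
        return None
    expected_res, actual_res = (a.split(":", 5)[5] for a in (expected_arn, actual_arn))
    if expected_res.rsplit("/", 1)[-1] == actual_res.rsplit("/", 1)[-1]:
        return f"same role name, different path: expected {expected_res}, found {actual_res}"
    return f"different role: expected {expected_res}, found {actual_res}"

# Constructed sample input: the "before" trust policy from the answer above and a
# placeholder account ID (111122223333).
BEFORE = json.loads("""{"Version": "2012-10-17", "Statement": [{"Sid": "", "Effect": "Allow",
  "Principal": {"Service": "elasticbeanstalk.amazonaws.com"}}]}""")
AFTER = json.loads(json.dumps(BEFORE))  # deep copy, then apply the answer's fix
AFTER["Statement"][0]["Action"] = "sts:AssumeRole"
AFTER["Statement"][0]["Condition"] = {"StringEquals": {"sts:ExternalId": "elasticbeanstalk"}}

if __name__ == "__main__":
    print(trust_policy_problems(BEFORE))
    print(trust_policy_problems(AFTER))
    print(arn_problem("arn:aws:iam::111122223333:role/aws-elasticbeanstalk-service-role",
                      "arn:aws:iam::111122223333:role/service-role/aws-elasticbeanstalk-service-role"))
```

To check a real role, pass in the trust policy document and ARN that the IAM console shows for it.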
L
-1

You need to give the right permissions to the role. The service role gives Elastic Beanstalk the permission to call other services on your behalf.

You can read about the permissions required for your role here. Also do not mix service role and instance profile. They are two different roles with different purposes. Please read my answer for a more detailed explanation here.

Legitimacy answered 21/12, 2015 at 16:9 Comment(1)
"You need to give the right permissions to the role." you don't say 😅 why don't you explain exactly what roles to assign and why instead of linking documentation? Your answer is not only useless but also a waste of time for people who are starting with AWS. - Capricorn
