I`m trying to deploy a django project to AWS Beanstalk following this tutorial. I executed
eb create
and after a while I get the error
The instance profile aws-elasticbeanstalk-ec2-role associated with the environment does not exist.
I`m new to the Amazon cloud and can not interprete this error. Can somebody help me?
That role is created the first time you use the elastic beanstalk console. The CLI also attempts to create it, but your IAM user doesn't have permissions to create it. You can fix this error by logging in to the console and getting to the platform selection page. You will notice that it will ask you to create a role.
Otherwise, you can give your IAM user create role permissions and the CLI will create the role for you.
Earlier Elastic Beanstalk used to create a default EC2 instance profile named aws-elasticbeanstalk-ec2-role the first time an AWS account create an environment. This instance profile included default managed policies. However, recent AWS security guidelines don’t allow an AWS service to automatically create roles with trust policies to other AWS services, EC2 in this case. Because of these security guidelines, Elastic Beanstalk no longer creates a default aws-elasticbeanstalk-ec2-role instance profile.
So if your AWS account doesn’t have an EC2 instance profile, you must create one using the IAM service. You can then assign the EC2 instance profile to the new environments that you create.
Open IAM Console → In the navigation pane of the console, choose Roles and then create role → Under Trusted entity type, choose AWS service → Under Use case, choose EC2 → Choose Next → Attach- AWSElasticBeanstalkWebTier, AWSElasticBeanstalkWorkerTier, AWSElasticBeanstalkMulticontainerDocker → Choose Next → Enter a name for the role - aws-elasticbeanstalk-ec2-role → Choose Create role.
If you already have an instance profile, make sure you have below-required policies. To meet the default use cases for an environment, these policies must be attached to the role for the EC2 instance profile:-
Role name: aws-elasticbeanstalk-ec2-role
Permission policies attached:-
AWSElasticBeanstalkWebTierAWSElasticBeanstalkWorkerTierAWSElasticBeanstalkMulticontainerDockerTrust relationship policy for EC2:-
{
"Version": "2008-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Hope this helps.
aws-elasticbeanstalk-ec2-role in the console when creating/editing the environment. If you have used a different role name, please make sure to use that. In environment configuration, you can verify which instance profile is being used. –
Ulrick aws-elasticbeanstalk-service-role, you can follow the detailed instructions as mentioned here in this answer: https://mcmap.net/q/428462/-aws-elastic-beanstalk-sample-app-not-able-to-use-role-to-obtain-required-permissions-for-managed-updates –
Ulrick That role is created the first time you use the elastic beanstalk console. The CLI also attempts to create it, but your IAM user doesn't have permissions to create it. You can fix this error by logging in to the console and getting to the platform selection page. You will notice that it will ask you to create a role.
Otherwise, you can give your IAM user create role permissions and the CLI will create the role for you.
If someone don't want or can't to create the role using the aws elb web console, you just need to create the role manually and add these policies:
Test if this role is mandatory. Maybe we just need to add this policies to the current user
As others have said: AWS has a bug here, it no longer allows its Environment builder to create the required roles automatically. You have to create them manually.
And you have to create two for ElasticBeanstalk: one whose "Service or use case" is associated with elasticbeanstalk and the other that is associated with EC2.
When you follow the console steps to create an environment, you will be prompted for both. The current error is that they are currently not considered as required, whereas they are, since the wizard will not be able to automatically create them.
Make sure to fill both highlighted roles:
You can check one option that works here for AWS Beanstalk. This is using AWS Console.
Similarly, it should work for AWS CLI and AWS SDK as well. Key here is the instance profile role you select for EC2 (or say instance IAM role/instance profile) during Beanstalk Environment creation.
You can create customer managed policy extending or reusing AWSElasticBeanstalkFullAccess policy based on need. Refer AWSElasticBeanstalkFullAccess to understand it better. Also, check out some more AWS Managed policies starting with AWSElasticBeanStalk*.
Somehow default aws-elasticbeanstalk-ec2-role policy is not working/taking effect as desired for me. I am getting same error message as reported above if I go with default policy.
I was facing same issue but then fixed it by first creating a test environment from browser GUI, which will create all necessary roles and then run command eb create from CLI. After successful creation of required env you can delete the test env.
I had the exact same problem.
Contrary to what the Amazon AWS doc wants you to believe, the aws-elasticbeanstalk-ec2-role was not automatically created.
I ended up rolling my own in the IAM -> roles section.
I got the same error. Resolved it by following the same process as mentioned above (Creating a role aws-elasticbeanstalk-ec2-role) and then only change i made during creating the environment was by Clicking on Creat and Use new service Role instead of Use an existing serivce role. I am assuming that it should be done only during your First environment creation. Changes to Be made
© 2022 - 2024 — McMap. All rights reserved.
