How to start an ec2 instance with an iam role?

I can run an ec2 instance with an iam role in the management console. But I do not know how to run an ec2 instance with an iam role from aws-ruby-sdk.

The policy for iam-role "test" is here:

    "Effect": "Allow", "Action": "*", "Resource": "*"

Here is the result:

 /var/lib/gems/1.8/gems/aws-sdk-1.7.1/lib/aws/core/client.rb:318:in `return_or_raise': You are not authorized to perform iam:PassRole with arn:aws:iam::xxxxxxxxxxx:role/test (AWS::EC2::Errors::UnauthorizedOperation) 
1 answer

The credentials that you use with your Ruby script do not have permission to run the instance using the IAM role "test". You need to change the policy for this user and grant him iam:PassRole permission, for example:

    {
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "ec2:RunInstances",
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": "iam:PassRole",
          "Resource": "arn:aws:iam::xxxxxxxxxxx:role/test"
        }
      ]
    }

This is a security feature — it is possible that IAM is not configured correctly to allow privilege escalation, which is why AWS uses the "secure by default" policy.

You can also use this policy to allow your users to run instances using any IAM role, but before that you must consider the security implications:

    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "*"
    }

Link: http://docs.amazonwebservices.com/IAM/latest/UserGuide/role-usecase-ec2app.html

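The following Ruby script is an added example, not part of the question or the answer above: it checks offline whether a caller's policy document permits iam:PassRole on a given role and flags statements that allow passing any role. The account id is constructed, and the evaluation is simplified (identity policy only; Condition, NotAction, NotResource, permission boundaries and SCPs are not evaluated).

```ruby
require 'json'

# IAM-style glob: "*" matches any run of characters, "?" exactly one.
def iam_match?(pattern, value, ignore_case: false)
  body = Regexp.escape(pattern).gsub('\*', '.*').gsub('\?', '.')
  Regexp.new("\\A#{body}\\z", ignore_case ? Regexp::IGNORECASE : 0).match?(value)
end

# Policy fields may hold a single value or a list; normalise to a list.
def as_list(value)
  [value].flatten.compact
end

# Statements whose Action covers iam:PassRole (action names are case-insensitive).
def pass_role_statements(policy_json)
  as_list(JSON.parse(policy_json)['Statement']).select do |s|
    as_list(s['Action']).any? { |a| iam_match?(a, 'iam:PassRole', ignore_case: true) }
  end
end

# :allowed, :denied (explicit Deny wins) or :not_allowed (implicit deny).
def pass_role_decision(policy_json, role_arn)
  hits = pass_role_statements(policy_json).select do |s|
    as_list(s['Resource']).any? { |r| iam_match?(r, role_arn) }
  end
  return :denied if hits.any? { |s| s['Effect'] == 'Deny' }
  hits.any? { |s| s['Effect'] == 'Allow' } ? :allowed : :not_allowed
end

# True when an Allow statement lets the caller pass any role at all.
def broad_pass_role?(policy_json)
  pass_role_statements(policy_json).any? do |s|
    s['Effect'] == 'Allow' && as_list(s['Resource']).include?('*')
  end
end

ROLE = 'arn:aws:iam::111122223333:role/test' # constructed account id
# Constructed caller policies: no PassRole, PassRole scoped to one role, PassRole on "*".
EC2_ONLY = '{"Statement":[{"Effect":"Allow","Action":"ec2:RunInstances","Resource":"*"}]}'
SCOPED = '{"Statement":[{"Effect":"Allow","Action":"ec2:RunInstances","Resource":"*"},
  {"Effect":"Allow","Action":"iam:PassRole","Resource":"' + ROLE + '"}]}'
WILDCARD = '{"Statement":[{"Effect":"Allow","Action":"iam:PassRole","Resource":"*"}]}'

if __FILE__ == $PROGRAM_NAME
  { 'ec2 only' => EC2_ONLY, 'scoped' => SCOPED, 'wildcard' => WILDCARD }.each do |name, doc|
    puts "#{name}: #{pass_role_decision(doc, ROLE)}, broad=#{broad_pass_role?(doc)}"
  end
end
```

The "ec2 only" policy corresponds to the situation in the question: ec2:RunInstances is allowed, but nothing grants iam:PassRole on the role, so the launch is refused.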