Remediation
From Console
1. Sign in to the AWS Management Console and navigate to the EC2 dashboard at https://console.aws.amazon.com/ec2/.
2. In the left navigation panel, choose Instances.
3. Select the EC2 instance you want to modify.
4. Click Actions.
5. Click Security.
6. Click Modify IAM role.
7. Click Create new IAM role if a new IAM role is required.
8. Select the IAM role you want to attach to your instance in the IAM role dropdown.
9. Click Update IAM role.
10. Repeat steps 3 to 9 for each EC2 instance in your AWS account that requires an IAM role to be attached.
From Command Line
1. Run the describe-instances command to list all EC2 instance IDs available in the selected AWS region:

       aws ec2 describe-instances --region <region-name> --query 'Reservations[*].Instances[*].InstanceId'

2. Run the associate-iam-instance-profile command to attach an instance profile (which is attached to an IAM role) to the EC2 instance:

       aws ec2 associate-iam-instance-profile --region <region-name> --instance-id <Instance-ID> --iam-instance-profile Name="Instance-Profile-Name"

3. Run the describe-instances command again for the recently modified EC2 instance. The command output should return the instance profile ARN and ID:

       aws ec2 describe-instances --region <region-name> --instance-ids <Instance-ID> --query 'Reservations[*].Instances[*].IamInstanceProfile'

4. Repeat steps 2 to 3 for each EC2 instance in your AWS account that requires an IAM role to be attached.
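The command-line steps above can be scripted for the "repeat for each instance" case. The following is an added example, not part of the original guidance: it finds instances with no instance profile, attaches one, and verifies the result. The function names, the dry-run default, and the restriction to running or stopped instances are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit and remediate EC2 instances that have no instance profile.
# Function names and the dry-run default are choices made for this example.

# Print the IDs of running or stopped instances in REGION with no instance profile.
# With --output text the CLI renders a missing IamInstanceProfile.Arn as "None".
list_unprofiled() {
  local region="$1"
  aws ec2 describe-instances --region "$region" \
    --filters Name=instance-state-name,Values=running,stopped \
    --query 'Reservations[].Instances[].[InstanceId,IamInstanceProfile.Arn]' \
    --output text | awk '$2 == "None" { print $1 }'
}

# Attach PROFILE to INSTANCE, then re-read the instance and confirm an ARN is set.
attach_and_verify() {
  local region="$1" instance="$2" profile="$3" arn
  aws ec2 associate-iam-instance-profile --region "$region" \
    --instance-id "$instance" --iam-instance-profile Name="$profile" \
    >/dev/null || return 1
  arn=$(aws ec2 describe-instances --region "$region" --instance-ids "$instance" \
    --query 'Reservations[].Instances[].IamInstanceProfile.Arn' --output text)
  [ -n "$arn" ] && [ "$arn" != "None" ] || return 1
  printf '%s\t%s\n' "$instance" "$arn"
}

# Dry run by default: only report what would change.
# Pass "apply" as the third argument to attach the profile.
remediate() {
  local region="$1" profile="$2" mode="${3:-dry-run}" id rc=0
  for id in $(list_unprofiled "$region"); do
    if [ "$mode" = apply ]; then
      attach_and_verify "$region" "$id" "$profile" || { echo "FAILED $id" >&2; rc=1; }
    else
      echo "would attach $profile to $id"
    fi
  done
  return $rc
}
```

Review the dry-run output before running `remediate <region-name> <Instance-Profile-Name> apply`, since only instances that require the role should receive it.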