From the above articles from AWS, we can now attach or replace the IAM role of a running instance.
The example below is a simple scenario to test this using CloudFormation (CF).
- Provision an EC2 instance and create an S3 bucket, an S3 bucket policy, a role and an instance profile. I am not attaching the instance profile to the provisioned EC2 instance at this point.
Let's provision the stack with the CF template.
The stack was created successfully.
Uploaded a document into the created S3 bucket.
Now let's take a look at the provisioned EC2 instance. No IAM role is assigned to it.
Try accessing the document that we uploaded to the S3 bucket.
Updated the CF Template – https://github.com/sangitaccount/AWS/blob/master/cfn-templates/AWS_EC2_S3_T2.txt
Attached the created instance profile to the EC2 instance.
The CF update completed successfully.
We can see the IAM role is now attached to the instance.
We will try the same commands to access the document uploaded to the S3 bucket.
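
The stack described in the steps above, as a minimal CloudFormation sketch. This is an added example, not the template linked in the post; the logical IDs, the `ImageId` parameter, the `t2.micro` instance type and the `s3:GetObject`-only bucket policy are assumptions.

```yaml
# Added example: a minimal sketch, not the template linked in the post.
# Logical IDs, the ImageId parameter, the instance type and the
# read-only bucket policy are assumptions made for illustration.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  ImageId:
    Type: AWS::EC2::Image::Id
Resources:
  DocBucket:
    Type: AWS::S3::Bucket
  S3ReadRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:        # lets EC2 assume the role
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
  DocBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DocBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow              # only the role may read objects
            Principal:
              AWS: !GetAtt S3ReadRole.Arn
            Action: s3:GetObject
            Resource: !Sub '${DocBucket.Arn}/*'
  S3ReadProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref S3ReadRole
  TestInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: t2.micro
      # First deployment: leave the next line out, so the instance has no
      # role and therefore no credentials for the bucket.
      # Stack update: add it to attach the profile to the running instance.
      # !Ref on an instance profile returns its name, which this property expects.
      IamInstanceProfile: !Ref S3ReadProfile
```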