AWS – Attach/Replace IAM role of running instance

https://aws.amazon.com/blogs/security/easily-replace-or-attach-an-iam-role-to-an-existing-ec2-instance-by-using-the-ec2-console/

https://aws.amazon.com/blogs/security/new-attach-an-aws-iam-role-to-an-existing-amazon-ec2-instance-by-using-the-aws-cli/

Per the AWS articles above, we can now attach or replace the IAM role of a running instance.

The example below is a simple scenario to test this using CloudFormation (CF).

  • Provision an EC2 instance and create an S3 bucket, an S3 bucket policy, a role and an instance profile. I am not yet attaching the instance profile to the provisioned EC2 instance.

CF Template – https://github.com/sangitaccount/AWS/blob/master/cfn-templates/AWS_EC2_S3.txt

Let's provision the stack with the CF template.


The stack was created successfully.


I uploaded a document into the newly created S3 bucket.


Now let's take a look at the provisioned EC2 instance. No IAM role is assigned to it.


Try accessing the document that we uploaded to the S3 bucket.


Updated the CF Template – https://github.com/sangitaccount/AWS/blob/master/cfn-templates/AWS_EC2_S3_T2.txt

The updated template attaches the created instance profile to the EC2 instance.
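The template shape described above, as an added example that is not the author's linked template: the resource names, the `AmiId` parameter, the instance type and the contents of the bucket policy are assumptions. The only difference between the first stack and the updated one is the `IamInstanceProfile` property on the instance.

```yaml
# Added example with hypothetical resource names; not the author's template.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  AmiId:                      # assumption: the AMI is passed in, none is named on the page
    Type: AWS::EC2::Image::Id
Resources:
  DocBucket:
    Type: AWS::S3::Bucket
  S3ReadRole:
    Type: AWS::IAM::Role
    Properties:
      # Trust policy: only the EC2 service may assume this role.
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
  DocBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref DocBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Assumed grant: read-only object access, scoped to this role and bucket.
          - Effect: Allow
            Principal:
              AWS: !GetAtt S3ReadRole.Arn
            Action: s3:GetObject
            Resource: !Sub '${DocBucket.Arn}/*'
  S3ReadProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref S3ReadRole
  TestInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AmiId
      InstanceType: t2.micro
      # First version of the stack: leave the next line out (instance has no role).
      # Updated version: add it, and the stack update attaches the profile.
      IamInstanceProfile: !Ref S3ReadProfile
```

Scoping the grant to `s3:GetObject` on one bucket keeps the credentials the instance receives limited to what the test needs.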


The CF stack update completed successfully.


We can see the IAM role is now attached to the instance.


We will try the same commands to access the document uploaded to the S3 bucket.


 
