
I have an EC2 instance that I have associated an IAM role with. The role is called EC2_Role (very original) and when I perform the following in PowerShell:

Get-EC2InstanceMetadata -Path "/iam/info"

I get nothing. Just a new prompt after it runs.

The following Python code:

import boto3

class Boto3STSService():
    def __init__(self):
        # boto3.client() resolves credentials through its default provider chain.
        sts_connection = boto3.client('sts')
        # Request temporary credentials for the role, valid for one hour.
        assume_role_object = sts_connection.assume_role(RoleArn='arn:aws:iam::153621189007:role/EC2_Role', RoleSessionName='sds_mws_session', DurationSeconds=3600)
        self.credentials = assume_role_object['Credentials']
        print(self.credentials)

credentials = Boto3STSService()

says "NoCredentialsError: Unable to locate credentials", which seems to bear out the nothing I get from PowerShell.

The role, arn:aws:iam::<account>:role/EC2_Role, shows a profile of arn:aws:iam::<same account>:instance-profile/EC2_Role and it has a policy of AmazonEC2FullAccess.

So why would I be unable to retrieve temporary credentials, or any info at all, from the IAM role associated with the instance?

The instance is Windows Server 2016.

Shenanigator
  • Maybe related: https://stackoverflow.com/questions/45095261/aws-ec2-windows-10-cant-access-metadata – jarmod Sep 12 '19 at 00:46

1 Answer


Try:

Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/iam/security-credentials/EC2_Role/

I'm not sure how that translates to Get-EC2InstanceMetadata.

John Rotenstein
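A diagnostic for the situation in this thread, added here as an example and not code from either poster: it tells an unreachable metadata endpoint apart from a missing instance profile and reports only non-secret fields. The names `diagnose` and `http_fetch` and the injectable `fetch` parameter are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.request

IMDS = "http://169.254.169.254/latest"

def http_fetch(method, path, headers=None, timeout=2):
    """Real transport: returns (status, body); status None means unreachable."""
    req = urllib.request.Request(IMDS + path, method=method,
                                 headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""
    except OSError:  # URLError, timeout, no route to 169.254.169.254
        return None, ""

def diagnose(fetch=http_fetch):
    """Classify why role credentials are or are not visible; returns no secrets."""
    status, token = fetch("PUT", "/api/token",
                          {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    if status is None:
        return {"state": "imds_unreachable"}
    # Use the session token when issued; otherwise fall back to plain requests.
    hdrs = {"X-aws-ec2-metadata-token": token} if status == 200 else {}
    status, body = fetch("GET", "/meta-data/iam/info", hdrs)
    if status == 404:
        return {"state": "no_instance_profile"}
    if status != 200:
        return {"state": "imds_error", "http_status": status}
    info = json.loads(body)
    status, roles = fetch("GET", "/meta-data/iam/security-credentials/", hdrs)
    role = roles.split()[0] if status == 200 and roles.strip() else None
    result = {"state": "ok", "profile": info.get("InstanceProfileArn"), "role": role}
    if role:
        status, body = fetch("GET", "/meta-data/iam/security-credentials/" + role, hdrs)
        if status == 200:
            creds = json.loads(body)
            # Copy only non-secret fields; keys and session token stay out.
            result["code"] = creds.get("Code")
            result["expiration"] = creds.get("Expiration")
    return result

if __name__ == "__main__":
    print(diagnose())
```

A result of `imds_unreachable` points at networking on the instance (routes, firewall, proxy), while `no_instance_profile` points at the role association itself.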