0

Main problem is that I don't understand where I have to write these variables in the application.

I can not deploy my MVC application on AWS. After deploying i get error: Environment must have instance profile associated with it.

I found out the answer here: AWS Elastic Beanstalk - Environment must have instance profile associated with it

But I don't understand where I have to write these variables in the program.

OptionSettings.member.1.Namespace = aws:autoscaling:launchconfiguration
OptionSettings.member.1.OptionName = IamInstanceProfile
OptionSettings.member.1.Value = aws-elasticbeanstalk-ec2-role
TomTom
  • 91
  • 1
  • 11

2 Answers2

4

I got the same error in my Elastic Beanstalk's environment page. When I checked Visual Studio output message, it said

"Caught AmazonIdentityManagementServiceException whilst setting up role: User: arn:aws:iam::77485*****:user/vs_delpoy_agent is not authorized to perform: iam:GetInstanceProfile on resource: instance profile aws-elasticbeanstalk-ec2-role"

I solved this by creating my own policy on AWS's IAM page. That policy contains json like this

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:GetInstanceProfile"
            ],
            "Resource": "*"
        }
    ]
}

then add this newly created policy to your group

Slef Ved
  • 51
  • 1
  • 6
0

I met that issue during compliting AWS tutorial https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/docker.html But there were few more issues. Put them all here for future generations.

1)

~/eb-docker-flask$ eb init -p docker application-name

~/eb-docker-flask$ eb local run --port 5000

if you have issues with docker during local run you can try to use this instruction instead

~/eb-docker-flask$eb init -p "Docker running on 64bit Amazon Linux 2" application-name

this is for original question:

~/eb-docker-flask$ eb create environment-name

to make this work you should create a group, a user, a role, an instance profile. Me personally created user, group and role via AWS web GUI. To create a user you should been registred in AWS, connect to your root user, then go to IAM Managment platform, there you will find all three categories. As far as I understand it is recommended to give permissions to a group and just add a user you need to that group. But I just wanted to get it work so I added permissions to the user and to the group.

  • AdministratorAccess-AWSElasticBeanstalk
  • AWSElasticBeanstalkMulticontainerDocker
  • AWSElasticBeanstalkRoleWorkerTier

Group permissions

Same for the user plus one that I've created by myself (Add permissions => create inline policy)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:AddRoleToInstanceProfile",
                "iam:CreateInstanceProfile",
   

         "iam:ListInstanceProfilesForRole"
        ],
        "Resource": "*"
    }
]

}

Same three for the role (without handmade one)

Add the user to the group.

Now you can create an instance profile and add your role to that instance

https://repost.aws/knowledge-center/attach-replace-ec2-instance-profile

AWS Command Line Interface (AWS CLI) Add the role to an instance profile before attaching the instance profile to the EC2 instance.

  1. If you haven't already created an instance profile, then run the following AWS CLI command:
aws iam create-instance-profile --instance-profile-name EXAMPLEPROFILENAME
  1. Run the following AWS CLI command to add the role to the instance profile:
$ aws iam add-role-to-instance-profile --instance-profile-name EXAMPLEPROFILENAME --role-name EXAMPLEROLENAME

Now this one should work

~/eb-docker-flask$ eb create environment-name
Василий Панин
  • 1
  • 1