I'm working on creating a new instance and setting it up from the terminal.

I already created an IAM User, Group and Policy authorizing all access for Lightsail, but when I log in to my IAM user account and try to create a new instance from the terminal, I cannot, and this exception is thrown:

Exception Screenshot

I am new to AWS; does somebody have an idea of what is going wrong?

EDIT

Here is my setup:

AWS Setup

  • The error message is saying that you are using an IAM Role (`AmazonLightsailInstanceRole`). It looks like you are running the command from an Ubuntu EC2 instance, is that correct? In this case, you have access to permissions associated with the IAM Role that is assigned to the instance. It appears that this IAM Role does not have `lightsail:CreateInstances` permissions. You mention that you assigned permissions to an IAM User, which is a different entity than the IAM Role. – John Rotenstein Feb 17 '21 at 21:00
  • Hi, thank you for your answer. To give you more details: I'm running this command from another Lightsail instance terminal. So I should assign an IAM Role instead of a User; I'll check this and update you soon. – Lucas FAURE Feb 18 '21 at 16:49
  • Solved thanks to this post: [Stack Overflow: configuring AWS profile](https://stackoverflow.com/questions/34134879/aws-the-config-profile-myname-could-not-be-found). I needed to configure the AWS profile on the Ubuntu Lightsail system using `aws configure --profile ` – Lucas FAURE Mar 02 '21 at 15:26

2 Answers


You appear to be running the `aws lightsail create-instances` command from an Amazon EC2 instance. When doing so, it will use the permissions of the IAM Role associated with the instance.

Therefore, you should add `lightsail:CreateInstances` permissions (at a minimum) to the IAM Role. You might need to assign other permissions too, since launching instances uses many resources (e.g. security groups, roles).

It is not possible to assign an IAM User to an EC2 instance. Only IAM Roles can be assigned to an instance.

John Rotenstein
  • I tried to create a Role but I didn't find the way to attach it to an instance; could you have a look at my question (EDIT part) please? Maybe I missed something setting up the IAM objects. (I still have the same exception.) I'm actually using the terminal of the instance; should I try to log in from another console? – Lucas FAURE Feb 19 '21 at 15:51
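
The role-versus-user distinction in the answer above can be checked from the instance's terminal. The following is an added example, not code from any poster in this thread: it classifies the caller ARN that `aws sts get-caller-identity` returns and says which principal needs `lightsail:CreateInstances`. The account ID, session name, user name and the optional profile argument are constructed or hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): which IAM principal is the AWS CLI using?

# Classify a caller ARN as printed by `aws sts get-caller-identity`.
# Prints "<kind> <name>", e.g. "role AmazonLightsailInstanceRole".
classify_arn() {
  # ARN layout: arn:partition:service:region:account-id:resource
  _res=${1#*:*:*:*:*:}
  case "$1" in
    arn:*:sts::*:assumed-role/*)
      _res=${_res#assumed-role/}      # leaves <role-name>/<session-name>
      echo "role ${_res%%/*}" ;;
    arn:*:iam::*:user/*)
      echo "user ${_res##*/}" ;;      # drops "user/" and any IAM path
    *)
      echo "unknown -"; return 1 ;;
  esac
}

# Say where lightsail:CreateInstances must be granted for that caller.
advise() {
  _id=$(classify_arn "$1") || { echo "unrecognised caller ARN: $1"; return 1; }
  case "$_id" in
    role\ *) echo "${_id#role } is an IAM role: add the permission to the role, or run the CLI with an IAM user profile" ;;
    user\ *) echo "${_id#user } is an IAM user: add the permission to the user or its group" ;;
  esac
}

# Live check; needs the AWS CLI. $1 is an optional profile name
# (hypothetical: whatever name was given to `aws configure --profile`).
check_caller() {
  if [ -n "${1:-}" ]; then
    _arn=$(aws sts get-caller-identity --query Arn --output text --profile "$1") || return 1
  else
    _arn=$(aws sts get-caller-identity --query Arn --output text) || return 1
  fi
  advise "$_arn"
}

# Offline demo on constructed ARNs (account id, session and user name are made up).
advise "arn:aws:sts::123456789012:assumed-role/AmazonLightsailInstanceRole/i-0123456789abcdef0"
advise "arn:aws:iam::123456789012:user/example-user"
```

On the instance itself, call `check_caller` with no argument to see the default credentials, then `check_caller` with a profile name to confirm that a named profile resolves to the IAM user.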

Ensure "lightsail:CreateInstances" is included in IAM policy. See https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-managing-access-for-an-iam-user and https://lightsail.aws.amazon.com/ls/docs/en_us/articles/security_iam_service-with-iam.

l3xpert
  • Hi, first of all, thank you for your answer, I'll check this documentation and make some tests. Then I'll let you know if I found the solution! – Lucas FAURE Feb 18 '21 at 16:50