Try it now and let us know what you think. Switch to the new look >>
You can return to the original look by selecting English in the language selector above.
Using Instance Profiles
An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.
Managing Instance Profiles (Console)
If you use the AWS Management Console to create a role for Amazon EC2, the console automatically creates an instance profile and gives it the same name as the role. When you then use the Amazon EC2 console to launch an instance with an IAM role, you can select a role to associate with the instance. In the console, the list that's displayed is actually a list of instance profile names. The console does not create an instance profile for a role that is not associated with Amazon EC2.
Managing Instance Profiles (AWS CLI or AWS API)
If you manage your roles from the AWS CLI or the AWS API, you create roles and instance profiles as separate actions. Because roles and instance profiles can have different names, you must know the names of your instance profiles as well as the names of roles they contain. That way you can choose the correct instance profile when you launch an EC2 instance.
Note
An instance profile can contain only one IAM role, although a role can be included in multiple instance profiles. This limit of one role per instance profile cannot be increased. You can remove the existing role and then add a different role to an instance profile. You must then wait for the change to appear across all of AWS because of eventual consistency. To force the change, you must disassociate the instance profile and then associate the instance profile, or you can stop your instance and then restart it.
Managing Instance Profiles (AWS CLI)
You can use the following AWS CLI commands to work with instance profiles in an AWS account.
-
Create an instance profile:
aws iam create-instance-profile -
Add a role to an instance profile:
aws iam add-role-to-instance-profile -
List instance profiles:
aws iam list-instance-profiles,aws iam list-instance-profiles-for-role -
Get information about an instance profile:
aws iam get-instance-profile -
Remove a role from an instance profile:
aws iam remove-role-from-instance-profile -
Delete an instance profile:
aws iam delete-instance-profile
You can also attach a role to an already running EC2 instance by using the following commands. For more information, see IAM Roles for Amazon EC2.
-
Attach an instance profile with a role to a stopped or running EC2 instance:
aws ec2 associate-iam-instance-profile -
Get information about an instance profile attached to an EC2 instance:
aws ec2 describe-iam-instance-profile-associations -
Detach an instance profile with a role from a stopped or running EC2 instance:
aws ec2 disassociate-iam-instance-profile
Managing Instance Profiles (AWS API)
You can call the following AWS API operations to work with instance profiles in an AWS account.
-
Create an instance profile:
CreateInstanceProfile -
Add a role to an instance profile:
AddRoleToInstanceProfile -
List instance profiles:
ListInstanceProfiles,ListInstanceProfilesForRole -
Get information about an instance profile:
GetInstanceProfile -
Remove a role from an instance profile:
RemoveRoleFromInstanceProfile -
Delete an instance profile:
DeleteInstanceProfile
You can also attach a role to an already running EC2 instance by calling the following operations. For more information, see IAM Roles for Amazon EC2.
-
Attach an instance profile with a role to a stopped or running EC2 instance:
AssociateIamInstanceProfile -
Get information about an instance profile attached to an EC2 instance:
DescribeIamInstanceProfileAssociations -
Detach an instance profile with a role from a stopped or running EC2 instance:
DisassociateIamInstanceProfile
