Elastic Beanstalk instance profile

An instance profile is an IAM role that's applied to Amazon EC2 instances that are launched in your Elastic Beanstalk environment. When creating an Elastic Beanstalk environment, you specify the instance profile that's used when your EC2 instances take the following actions:

Retrieve application versions from Amazon Simple Storage Service (Amazon S3)
Write logs to Amazon S3
In AWS X-Ray integrated environments, upload debugging data to X-Ray
In Amazon ECS managed Docker environments, coordinate container deployments with Amazon Elastic Container Service (Amazon ECS)
In worker environments, read from an Amazon Simple Queue Service (Amazon SQS) queue
In worker environments, perform leader election with Amazon DynamoDB
In worker environments, publish instance health metrics to Amazon CloudWatch

Elastic Beanstalk provides a set of managed policies that allow the EC2 instances in your environment to perform required operations. The managed policies required for basic use cases are the following.

AWSElasticBeanstalkWebTier
AWSElasticBeanstalkWorkerTier
AWSElasticBeanstalkMulticontainerDocker

You attach these policies to the instance profile that you create when you launch an environment in the Elastic Beanstalk console for the first time.

If your web application requires access to other additional AWS services, add statements or managed policies to the instance profile that allow access to those services.

For more information about instance profiles, see Managing Elastic Beanstalk instance profiles.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Service role

User policy