DEV Community

Cover image for How to fix the “aws-elasticbeanstalk-ec2-role” error in AWS Elastic Beanstalk.
Ukagha Nzubechukwu
Ukagha Nzubechukwu

Posted on • Updated on

How to fix the “aws-elasticbeanstalk-ec2-role” error in AWS Elastic Beanstalk.

If you're reading this, chances are you have encountered the "aws-elasticbeanstalk-ec2-role" error. This error message is usually caused by missing security configurations, associated with the EC2 instance that Elastic Beanstalk launches.

aws-elasticbeanstalk-ec2-role error screenshot

In this guide, you will learn how to troubleshoot and fix the "aws-elasticbeanstalk-ec2-role" error.

Prerequisites

To complete this guide, you'll need the following:

  1. An AWS account.
  2. Some familiarity with AWS IAM and AWS Elastic Beanstalk. If you are not familiar with the following topics, check out these tutorials — Introduction to AWS Elastic Beanstalk and Lab 1 Introduction to AWS IAM.

Understanding the "aws-elasticbeanstalk-ec2-role" error

It's important to understand the nature and cause of the error before attempting to solve it.

In AWS, instance profiles are used to give permissions to EC2 instances. If an instance profile lacks the necessary permissions or configurations, the associated EC2 instance will not have access to AWS resources like S3, RDS, DynamoDB, and much more.

An instance profile is a container for an AWS IAM role that you can assign to an EC2 instance.

An image depicting the relationship between an instance profile and an AWS service like EC2

The "aws-elasticbeanstalk-ec2-role" error occurs while setting up an environment in the Elastic Beanstalk console. The error originates when you choose the Create and use a new service role option and do not provide an EC2 instance profile with the necessary permissions. It's important to note that this error is due to AWS security guidelines.

AWS Configure service access page screenshot

Way back, AWS services like EC2 were allowed to create a default “aws-elasticbeanstalk-ec2-role” instance profile on the spot, but this practice has been changed in line with security best practices.

How to fix the “aws-elasticbeanstalk-ec2-role” error

To fix the "aws-elasticbeanstalk-ec2-role" error, create an instance profile and assign it the necessary roles and permissions.

Step 1. Create a new role: In this step, you will create a role.

To create a role, visit the IAM page.

The AWS IAM page screenshot

In the left-hand corner, under the Access management dropdown, click Role to create a role.

AWS IAM Access management dropdown screenshot

Once directed to the Roles page, click Create role.

AWS IAM Role page screenshot

To continue, keep the default Trusted entity type option.

AWS IAM ROLE Trust entity type option

In the Service or use case field, select EC2 and click Next to add permissions.

AWS IAM Role Service or use case option

Step 2. Add permissions: After creating a role, you need to assign permissions to define the actions that the EC2 instance launched by Elastic Beanstalk can perform on AWS resources.

Search and select the following permissions listed below:

  • AWSElasticBeanstalkWebTier
  • AWSElasticBeanstalkWorkerTier
  • AWSElasticBeanstalkMulticontainerDocker

AWS Add Permission page screenshot

Once completed, click Next.

Step 3. Review your details: Once directed to the review page, enter a role name.

AWS Review Role Details page screenshot

Scroll down to add a tag name, although this is optional.

AWS Review Role page: Add tag screenshot

Once you have filled out all the required information, carefully review your role details. If you are satisfied with them, click Create Role to complete the process.

AWS Instance profile

You have successfully created an instance profile. Now, verify the solution by setting up an environment in Elastic Beanstalk.

Step 4: Setting up an Elastic Beanstalk environment: Now that you have created an instance profile for the EC2 service. Set up an Elastic Beanstalk environment.

To ensure this guide stays focused on the intended subject matter, I will not cover all the steps required to set up an Elastic Beanstalk environment. I will proceed directly to the 'configure service access' page. If you need guidance on how to set up an Elastic Beanstalk environment, I recommend checking out this video — Deploy a Web Application Using Elastic Beanstalk

In the "configure service access" page, select Create and use new service role. In the EC2 instance profile, field select the newly created instance profile.

Once you have filled out the other fields on the following pages, you can proceed to create your environment.

AWS Elastic Beanstalk configure service access

Viola! The solution worked!

AWS Elastic Beanstalk successfully instance launch screenshot

Conclusion

In this guide, you learned how to fix the "aws-elasticbeanstalk-ec2-role" error in AWS Elastic Beanstalk. By understanding the causes of this error, such as misconfigured IAM roles or insufficient permissions, you can take appropriate steps to rectify this issue anytime it comes up.

If you need any more help with debugging, don't hesitate to ask. Happy debugging 🛠️👩🏻‍💻, and have a fantastic day!

Top comments (0)