Elastic Beanstalk migration Upload Source Code to S3 instructions

[sdoyle88]

Hi there!

I recently attempted this lab at an AWS hosted event, and noticed that there is no IAM role that ever gets attached to the Webserver instance. This breaks the step in upload-source-code-to-s3.en.md, as the EC2 doesn't have the permissions required to upload the .zip bundle to Beanstalk. For the AWS hosted event there is a workaround using another instance profile role available that has S3 PutObject permissions. However, not sure if there should be an explicit callout to use that role, or to create a new one with S3 permissions.

[sduru]

Hello, could you help me to understand the issue you got here? There should normally be an attached role for your webserver EC2 instance which has the rights to put object to an S3 bucket. Is that possible for you to check if you can see the attached IAM role in your instance details > under Security tab ? You should be seeing the EC2InstanceRole there, then would be great if you could click to that role and confirm if you can see S3 is permitted under your role details (Policy name: AmazonEC2RoleforSSM)? thanks

[sdoyle88]

That is the issue. When I checked the web server instance it had NO attached instance role. In order to get the lab to work, I had to attach a role to the instance. I did not have enough rights to create a new role (IIRC), so I had to attach another instance role that was established for EC2 that had the appropriate S3 PutObject permissions. I will try to launch this stack again and see if I have the same issue.

[sduru]

Ok. thanks. will wait your confirmation. The Role is created and attached into the instances automatically when worskhop launched through Cloudformation.