setting-up-ec2-instance-profiles

Original：🇺🇸 English

Translated

Configures EC2 instances to securely call AWS services by creating and attaching IAM roles via instance profiles, eliminating hardcoded credentials. Use when an EC2 instance needs permissions to access AWS services like S3, DynamoDB, SQS, or CloudWatch through temporary credentials.

5installs

Sourceaws/agent-toolkit-for-aws

Added on2026-05-07

NPX Install

npx skill4agent add aws/agent-toolkit-for-aws setting-up-ec2-instance-profiles

SKILL.md Content

View Translation Comparison →

Setting Up EC2 Instance Profiles

Overview

Domain expertise for granting EC2 instances secure access to AWS services using IAM roles and instance profiles. Covers the full lifecycle: identifying required permissions, creating or reusing IAM roles with least-privilege policies, creating instance profiles, attaching them to EC2 instances, and verifying credential availability.

Configure an EC2 instance profile

To set up an IAM role and instance profile for an EC2 instance, follow the procedure exactly. See EC2 instance profile setup procedure.

Troubleshooting

Instance not found

Verify the instance ID and region are correct. List instances with

aws ec2 describe-instances --region <region>

.

Instance already has a profile

The procedure handles replacement — it will prompt before disassociating the existing profile.

Credentials not available after attachment

Instance profile propagation can take 30–60 seconds. Applications may need a restart to pick up new credentials.

Access denied errors

Check that the role's policies include the required actions and resource ARNs. Review CloudTrail logs for the specific denied action.

Application still uses hardcoded credentials

Remove credentials from config files, environment variables (

AWS_ACCESS_KEY_ID

,

AWS_SECRET_ACCESS_KEY

), and

~/.aws/credentials

. The SDK default credential chain will then use the instance profile.