tl;dr Instance gets assumed-role instead of what I set in configuration.
I deploy a Java application in Docker into Elastic Beanstalk; I actually set a specific role with my custom policies in .ebextensions/instance.config:
    - namespace: aws:autoscaling:launchconfiguration
      option_name: IamInstanceProfile
      value: custom-profile
When I deploy with eb init && eb create --tier worker everything is okay. Then the application tries to access stuff, which is allowed in custom-profile, but it fails with:
Exception in thread "main" com.amazonaws.AmazonServiceException: User: arn:aws:sts::***:assumed-role/aws-elasticbeanstalk-ec2-role/*** is not authorized to perform: ...
It doesn't even mention the reason why it uses an "assumed role". Interestingly, when I set the role manually in the web console and upload the zip, it works.
I've tried using SingleInstance and LoadBalanced, both with the same result. I've read the docs and googled, but found nothing that would work. I've added the PassRole privilege to my console user, but I don't even know if it helps anything. The config is accepted as valid, but while the EC2 instance is created I don't have any info as to why it's not assigned the right role.
I'll be thankful for your advice.
Notes: new InstanceProfileCredentialsProvider() is used in Java.
The EB CLI tells Elastic Beanstalk to use the "aws-elasticbeanstalk-ec2-role" instance profile. This will override your ebextensions. In order to use your own profile, you can either use the "-ip" option or you can use a default saved configuration.
eb create --tier worker -ip custom-profile
If you want to do this with saved configurations instead, see this blog post.
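A check for the situation described in this answer, as an added example (not code from the original question or answer): it reads the JSON printed by `aws elasticbeanstalk describe-configuration-settings` and reports whether the environment's effective `IamInstanceProfile` matches the one declared in `.ebextensions`. The sample JSON, the environment name and the function names are constructed for illustration.

```python
import json
import re

NAMESPACE = "aws:autoscaling:launchconfiguration"
OPTION = "IamInstanceProfile"

# Constructed sample, shaped like the output of:
#   aws elasticbeanstalk describe-configuration-settings \
#       --application-name <app> --environment-name <env>
SAMPLE_SETTINGS = json.dumps({"ConfigurationSettings": [{
    "EnvironmentName": "example-worker-env",
    "OptionSettings": [
        {"Namespace": "aws:elasticbeanstalk:environment",
         "OptionName": "EnvironmentType", "Value": "SingleInstance"},
        {"Namespace": NAMESPACE, "OptionName": OPTION,
         "Value": "aws-elasticbeanstalk-ec2-role"},
    ]}]})

# Error text from the question (account id and session name are masked there).
SAMPLE_ERROR = ("User: arn:aws:sts::***:assumed-role/"
                "aws-elasticbeanstalk-ec2-role/*** is not authorized to perform: ...")

ASSUMED_ROLE = re.compile(r"arn:aws[\w-]*:sts::[^:]*:assumed-role/([^/\s]+)/")


def effective_instance_profile(settings_json):
    """Return the instance profile name the environment actually uses, or None."""
    for cfg in json.loads(settings_json).get("ConfigurationSettings", []):
        for opt in cfg.get("OptionSettings", []):
            if opt.get("Namespace") == NAMESPACE and opt.get("OptionName") == OPTION:
                # The value may be a bare name or a full instance-profile ARN.
                return (opt.get("Value") or "").rsplit("/", 1)[-1] or None
    return None


def role_from_error(message):
    """Extract the role name from an STS assumed-role ARN in an error message."""
    match = ASSUMED_ROLE.search(message)
    return match.group(1) if match else None


def check(declared_profile, settings_json, error_message=""):
    """Compare the profile declared in .ebextensions with what is deployed."""
    effective = effective_instance_profile(settings_json)
    return {"declared": declared_profile, "effective": effective,
            # Role and profile names can differ; the role is reported as a hint only.
            "role_in_error": role_from_error(error_message),
            "drift": effective != declared_profile}


if __name__ == "__main__":
    print(check("custom-profile", SAMPLE_SETTINGS, SAMPLE_ERROR))
```

Running the check after each `eb create` catches the override before the application starts failing with authorization errors under the default role.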