Posts by /u/Mountain_Cancel6704

CMV: AWS is possibly the worst designed software in history

The sheer needless complexity of AWS always gets on my nerves, but today was the final nail in the coffin. I needed to connect a new IAM profile to an EC2 instance. Sounds routine, right? WRONG. After much digging, I found that I had to complete no less than 16 STEPS to finish this super basic task. If Steve Jobs were alive I’d think he’d quit Apple and join AWS just to fix this hideous affront to basic usability and intuitive interfaces LOL.

Steps posted for reference:

Attach the Systems Manager instance profile to an existing instance (console)

  1. Sign in to the AWS Management Console and open the Amazon EC2 console at
  2. In the navigation pane, under Instances, choose Instances.
  3. Navigate to and choose your EC2 instance from the list.
  4. In the Actions menu, choose Security, Modify IAM role.
  5. For IAM role, select the instance profile you created using the procedure in Step 4: Create an IAM instance profile for Systems Manager.
  6. Choose Apply.

For more information about attaching IAM roles to instances, choose one of the following, depending on your selected operating system type:

TURNS OUT, BEFORE #5, YOU HAVE TO DO ALL THIS:

Task 2: Add permissions to a Systems Manager instance profile (console)

Depending on whether you’re creating a new role for your instance profile or adding the necessary permissions to an existing role, use one of the following procedures.

To create an instance profile for Systems Manager managed instances (console)

  1. Open the IAM console at
  2. In the navigation pane, choose Roles, and then choose Create role.
  3. Under Select type of trusted entity, choose AWS service.
  4. Immediately under Choose the service that will use this role, choose EC2, and then choose Next: Permissions.
  5. On the Attach permissions policies page, do the following:
     • Use the Search field to locate the AmazonSSMManagedInstanceCore. Select the box next to its name.
       The console retains your selection even if you search for other policies.
     • If you created a custom S3 bucket policy in the previous procedure, Task 1: (Optional) Create a custom policy for S3 bucket access, search for it and select the box next to its name.
     • If you plan to join instances to an Active Directory managed by AWS Directory Service, search for AmazonSSMDirectoryServiceAccess and select the box next to its name.
     • If you plan to use EventBridge or CloudWatch Logs to manage or monitor your instance, search for CloudWatchAgentServerPolicy and select the box next to its name.
  6. Choose Next: Tags.
  7. (Optional) Add one or more tag-key value pairs to organize, track, or control access for this role, and then choose Next: Review.
  8. For Role name, enter a name for your new instance profile, such as SSMInstanceProfile or another name that you prefer.
     Note: Make a note of the role name. You will choose this role when you create new instances that you want to manage by using Systems Manager.
  9. (Optional) For Role description, enter a description for this instance profile.
  10. Choose Create role. The system returns you to the Roles page.

submitted by /u/Mountain_Cancel6704
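
The quoted console steps end with a role that only EC2 can assume and that carries a short list of AWS managed policies. As an added example (not part of the original post or the AWS documentation), this Python check compares a role description against that outcome. The input shape (modelled on IAM GetRole / ListAttachedRolePolicies output), the `custom_allowed` parameter and all sample data are assumptions.

```python
# Added example, offline only. Assumption: inputs look like IAM GetRole / ListAttachedRolePolicies output.
REQUIRED = {"AmazonSSMManagedInstanceCore"}
OPTIONAL = {"AmazonSSMDirectoryServiceAccess", "CloudWatchAgentServerPolicy"}

def ec2_trust_policy():
    """Trust policy equivalent to choosing AWS service, then EC2, in Create role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(trust_policy, attached_policies, custom_allowed=()):
    """Return findings; an empty list means the role matches the console procedure."""
    findings, ec2_trusted = [], False
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # anyone may assume the role
            findings.append("trust: wildcard principal")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if (kind, value) == ("Service", "ec2.amazonaws.com"):
                    ec2_trusted = True
                else:
                    findings.append(f"trust: unexpected principal {kind}={value}")
    if not ec2_trusted:
        findings.append("trust: ec2.amazonaws.com cannot assume this role")
    names = {p["PolicyName"] for p in attached_policies}
    findings += [f"policy: missing {n}" for n in sorted(REQUIRED - names)]
    extras = names - REQUIRED - OPTIONAL - set(custom_allowed)
    findings += [f"policy: not in procedure: {n}" for n in sorted(extras)]
    return findings

# Constructed sample data (not from a real account).
GOOD = [{"PolicyName": "AmazonSSMManagedInstanceCore"},
        {"PolicyName": "CloudWatchAgentServerPolicy"}]
BAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": ["ec2.amazonaws.com", "lambda.amazonaws.com"]},
    "Action": "sts:AssumeRole"}]}
BAD = [{"PolicyName": "AdministratorAccess"}]

if __name__ == "__main__":
    print(audit_role(ec2_trust_policy(), GOOD))  # role built per the steps
    print(audit_role(BAD_TRUST, BAD))            # extra principal, wrong policies
```

Pass the name of the optional custom S3 policy from Task 1 in `custom_allowed` so it is not reported as an extra.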