How to add an IAM role to an existing instance in AWS?


I would like to add an IAM Role to an existing EC2 instance in AWS. I tried using AWS CLI. However, I could not find a way to do that.


As of AWS CLI v1.11.46, which was released just yesterday (see the CHANGELOG file on GitHub), you can now attach an IAM role to an existing EC2 instance that was originally launched without an IAM role using the associate-iam-instance-profile command.

You can also replace the currently attached IAM role for a running instance using replace-iam-instance-profile-association.

For more details, see the following article on AWS Security Blog:

Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI.


As of Feb 22, 2017, you can attach/replace an IAM role to an existing EC2 instance from the EC2 console as well. See this blog post for more details.

Leave a Reply