That’s kinda an old thing. Before nowadays you couldn’t even change profile for launched instance, but you could change a role attached. Think of it as a single identity that a group of instances can have (e.g. your scalegroup instances share a single instance profile, hence a single entity name assuming a role). Answer from Difficult-Ad-3938 on reddit.com
AWS
docs.aws.amazon.com › aws cloudformation › template reference › aws identity and access management › aws::iam::instanceprofile
AWS::IAM::InstanceProfile - AWS CloudFormation
{ "Type" : "AWS::IAM::InstanceProfile", "Properties" : { "InstanceProfileName" : String, "Path" : String, "Roles" : [ String, ...
Amazon Web Services
docs.aws.amazon.com › aws identity and access management › user guide › iam identities › iam roles › methods to assume a role › use instance profiles
Use instance profiles - AWS Identity and Access Management
Use an instance profile to pass an IAM role to an EC2 instance. For more information, see IAM roles for Amazon EC2 in the Amazon EC2 User Guide. If you use the AWS Management Console to create a role for Amazon EC2, the console automatically creates an instance profile and gives it the same ...
Discussions

CloudFormation stack creation failing with "Value (IAM Name) for parameter iamInstanceProfile.name is invalid. "
I am using a simple CF template to create an EC2 machine, please tell me what is wrong . I want to use an existing policy and not create new: AWSTemplateFormatVersion: "2010-09-09" Description: A ... More on repost.aws
🌐 repost.aws
3
0
July 27, 2022
amazon web services - Associate existing IAM role with EC2 instance in CloudFormation - Stack Overflow
How can I use an existing IAM role for an EC2 instance, as opposed to creating a new one in my CloudFormation template? For example, I have created a role in AWS Console and just want to use that. ... You can use an existing InstanceProfile instead of creating a new one from within the stack. More on stackoverflow.com
🌐 stackoverflow.com
Why Do EC2s Use IAM Instance Profiles Instead of Using IAM Roles Directly?

I agree this does seem like an anti-pattern compared to their modern computing services like lambda, as you pointed out.

I would bet it's basically a legacy pattern that they haven't gotten around to replacing yet because of backwards compatibility issues or the engineering complexity involved, etc.

Would be curious to hear an official reasoning from AWS.

More on reddit.com
🌐 r/aws
11
13
March 27, 2019
What is an EC2 Instance Profile?
That’s kinda an old thing. Before nowadays you couldn’t even change profile for launched instance, but you could change a role attached. Think of it as a single identity that a group of instances can have (e.g. your scalegroup instances share a single instance profile, hence a single entity name assuming a role). More on reddit.com
🌐 r/aws
11
12
December 23, 2024
Reddit
reddit.com › r/aws › what is an ec2 instance profile?
r/aws on Reddit: What is an EC2 Instance Profile?
December 23, 2024 -

I was going through Documentation and couldn't figure out what Instance profile is. It says it is a container for IAM role. But why? Like other services have nothing like that. What does it do and what is its purpose?

The doc also says that you have to manually create Instance profile when creating from cli, cloudformation etc. I don't remember creating it when using Terraform or CDK.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Pulumi
pulumi.com › registry › aws › api docs
aws.iam.InstanceProfile | Pulumi Registry
import pulumi
import pulumi_aws as aws

assume_role = aws.iam.get_policy_document(statements=[{
    "effect": "Allow",
    "principals": [{
        "type": "Service",
        "identifiers": ["ec2.amazonaws.com"],
    }],
    "actions": ["sts:AssumeRole"],
}])
role = aws.iam.Role("role",
    name="test_role",
    path="/",
    assume_role_policy=assume_role.json)
test_profile = aws.iam.InstanceProfile("test_profile",
    name="test_profile",
    role=role.name)
AWS
docs.aws.amazon.com › aws identity and access management › api reference › data types › instanceprofile
InstanceProfile - AWS Identity and Access Management
The stable and unique string identifying the instance profile. For more information about IDs, see IAM identifiers in the IAM User Guide.
DEV Community
dev.to › yuta28 › what-is-iam-instance-profile-3h28
What is IAM instance profile? - DEV Community
December 16, 2024 - # CloudFormation template file ... ec2.amazonaws.com Action: - sts:AssumeRole # Need to create an IAM instance profile IAMInstanceProfile: Type: 'AWS::IAM::InstanceProfile' Properties: Path: '/' InstanceProfileName: !Ref IAMRole Roles: - !Ref IAMRole...
Uptycs
uptycs.com › blog › aws-iam-roles-instance-profiles
An Unholy Marriage: AWS Instance Profile & IAM Role
January 29, 2026 - Instance profile: Beyond being a cost center, an instance profile serves as a bridge for IAM roles. When you add a tag or an iam tag, especially when tagging IAM resources, you streamline and refine permissions.
GitHub
github.com › Tiamatt › Mastering-AWS-CloudFormation › blob › main › IAM › Roles-InstanceProfile.yaml
Mastering-AWS-CloudFormation/IAM/Roles-InstanceProfile.yaml at main · Tiamatt/Mastering-AWS-CloudFormation
Type: 'AWS::IAM::InstanceProfile'
Properties:
  InstanceProfileName: !Ref paramInstanceProfileName
  Roles: # (required) existing role name to associate with the instance profile
    # Note: only one role can be assigned to an EC2 instance at a time, but type is 'List of String'
    - !Ref paramRoleName
Author   Tiamatt
DevOps Cube
devopscube.com › aws-iam-role-instance-profile
AWS IAM Role and Instance Profile Explained
June 28, 2025 - The temporary credentials are made available through the instance metadata at http://169.254.169.254/latest/meta-data/iam/security-credentials/role_name. AWS SDKs and CLI make use of these credentials when required.
Ansible
docs.ansible.com › projects › ansible › latest › collections › amazon › aws › iam_instance_profile_module.html
amazon.aws.iam_instance_profile module – manage IAM instance profiles — Ansible Community Documentation
- name: Create Instance Profile
  amazon.aws.iam_instance_profile:
    name: "ExampleInstanceProfile"
    role: "/OurExamples/MyExampleRole"
    path: "/OurExamples/"
    tags:
      ExampleTag: Example Value
  register: profile_result

- name: Create second Instance Profile with default path
  amazon.aws.iam_instance_profile:
    name: "ExampleInstanceProfile2"
    role: "/OurExamples/MyExampleRole"
    tags:
      ExampleTag: Another Example Value
  register: profile_result

- name: Find all IAM instance profiles starting with /OurExamples/
  amazon.aws.iam_instance_profile_info:
    path_prefix: /OurExamples/
  register: result

- name: Delete second Instance Profile
  amazon.aws.iam_instance_profile:
    name: "ExampleInstanceProfile2"
    state: absent
AWS re:Post
repost.aws › questions › QUCh9hTPL5ST2JaGcj-jb_HA › cloudformation-stack-creation-failing-with-value-iam-name-for-parameter-iaminstanceprofile-name-is-invalid
CloudFormation stack creation failing with "Value (IAM Name) for parameter iamInstanceProfile.name is invalid. " | AWS re:Post
July 27, 2022 - If you use the Amazon EC2 console to launch an instance with an IAM role or to attach an IAM role to an instance, you choose the role based on a list of instance profile names. If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, with potentially different names.
Top answer
1 of 6
34

You can use an existing InstanceProfile instead of creating a new one from within the stack. In fact, one might already be created for you - from the docs:

If you use the AWS Management Console to create a role for Amazon EC2, the console automatically creates an instance profile and gives it the same name as the role.

This means that you might not have to create an AWS::IAM::InstanceProfile resource in the stack. However note that also:

The console does not create an instance profile for a role that is not associated with Amazon EC2.

In this case you can do it manually from AWS CLI using these 2 commands:

aws iam create-instance-profile --instance-profile-name MyExistingRole
aws iam add-role-to-instance-profile --instance-profile-name MyExistingRole --role-name MyExistingRole

Then, provided you've defined a role in the UI named MyExistingRole, this will be sufficient:

"Resources" : {

  "Instance" : {
    "Type" : "AWS::EC2::Instance",
    ...
    "Properties" : {
      "IamInstanceProfile" : "MyExistingRole",
      ...
    }
  }
}
2 of 6
30

You need an instance profile, a role, and the instance info (or launch configuration) itself.

Your instance profile would look like this:

"Resources" : {
  "InstanceProfile" : {
    "Type" : "AWS::IAM::InstanceProfile",
    "Properties" : {
      "Path" : "/",
      "Roles" : ["MyExistingRole"]
    }
  },

  "Instance" : {
    "Type" : "AWS::EC2::Instance",
    "Properties" : {
      "IamInstanceProfile" : {"Ref" : "InstanceProfile"}
      ...
    }
  }
}

In particular - note that the reference in the Instance profile is to an existing RoleName.

Also - I've written about bootstrapping instances which uses instance profiles and roles to ensure we're not persisting security.

The key thing is rather than using the {"Ref" : RoleName} etc, to use the actual name of the role.

OneUptime
oneuptime.com › home › blog › how to create iam instance profiles with opentofu
How to Create IAM Instance Profiles with OpenTofu
March 20, 2026 - # Instance profile is a container for the IAM role # EC2 instances are assigned the profile, not the role directly resource "aws_iam_instance_profile" "app_server" { name = "${var.app_name}-instance-profile" role = aws_iam_role.app_server.name ...
Composio
composio.dev › toolkits › databricks › claude cowork integration
How to connect Databricks to Claude Cowork
1 week ago - Get IAM Account Group V2Tool to retrieve a specific group resource by its unique identifier from a Databricks account using SCIM v2 protocol.
Terraform Registry
registry.terraform.io › providers › hashicorp › aws › latest › docs
Docs overview | hashicorp/aws | Terraform | Terraform Registry
When the AWS Provider is running on an EC2 instance with an IAM Instance Profile set, the provider can source credentials from the EC2 Instance Metadata Service.
Medium
aws.plainenglish.io › ec2-iam-role-iam-instance-profile-as-code-4fae66e05651
EC2 IAM Role/IAM Instance Profile as Code | by Luthfi Anandra | AWS in Plain English
January 2, 2023 - This AWS Access Key and Secret Access Key will be used as the credential for Terraform on our local notebook so that Terraform can access the AWS API and create services from code.
ClassMethod
dev.classmethod.jp › articles › do_you_know_iaminstanceprofile
Do You Know About Instance Profiles, Which Pass IAM Role Information to EC2? | DevelopersIO
Resources:
  ### Create IAM Role
  myRole:
    Type: "AWS::IAM::Role"
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service:
                - "ec2.amazonaws.com"
            Action:
              - "sts:AssumeRole"
      Path: "/"
      RoleName: test-role
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
  ### Create IAM Profile
  myInstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: "/"
      Roles:
        - !Ref myRole
  ### Create EC2
  myEC2:
    Type: "AWS::EC2::Instance"
    Properties:
      AvailabilityZone: ap-northeast-1a
      IamInstanceProfile: !Ref myInstanceProfile
      ImageId: ami-56d4ad31
      InstanceType: t2.micro
      KeyName: test-key
      SecurityGroupIds:
        - sg-XXXXXXXX
      SubnetId: subnet-XXXXXXXX
Amazon Web Services
docs.aws.amazon.com › aws identity and access management › user guide › iam identities › iam roles › iam role management › delete roles or instance profiles
Delete roles or instance profiles - AWS Identity and Access Management
The list includes the Amazon Resource Name (ARN) of each role. Use the role name, not the ARN, to refer to roles with the CLI commands. For example, if a role has the following ARN: arn:aws:iam::123456789012:role/myrole, you refer to the role as myrole.