Ensure an IAM role is attached to EC2 instance

Error: AWS EC2 Instance IAM Role not enabled

Bridgecrew Policy ID: BC_AWS_IAM_69
Checkov Check ID: CKV_AWS_33
Severity: MEDIUM


Description

AWS provides Identity and Access Management (IAM) roles so that workloads can access AWS services and resources without embedding credentials. A role is an identity with permission policies that define what it can and cannot do in AWS. When a role is attached to an EC2 instance through an instance profile, the instance obtains short-lived, automatically rotated credentials from the instance metadata service, so nothing long-lived has to be placed on the host. As a best practice, create an IAM role scoped to what the workload needs and attach it to the instance, instead of distributing or sharing long-lived access keys or passwords.

Fix - Buildtime

Terraform

  • Resource: aws_instance
  • Argument: iam_instance_profile

# "pass" is the resource name used by the Checkov test case; "test" must be the
# name of an existing aws_iam_instance_profile, and aws_network_interface.foo
# must be declared elsewhere in the configuration.
resource "aws_instance" "pass" {
  ami                  = "ami-005e54dee72cc1d00" # us-west-2
  instance_type        = "t2.micro"
  iam_instance_profile = "test" # attaching a profile is what satisfies CKV_AWS_33

  network_interface {
    network_interface_id = aws_network_interface.foo.id
    device_index         = 0
  }

  credit_specification {
    cpu_credits = "unlimited"
  }
}
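The snippet above only shows the argument the check looks for; the profile it names has to exist, and the role behind it should be scoped to the workload. The following is an added, end-to-end example written for this page, not the Bridgecrew or Checkov project's own code: it creates the role with a trust policy restricted to the EC2 service, attaches a single least-privilege managed policy, wraps the role in an instance profile, and references that profile from the instance. Resource names (ec2_ssm, app), the region, the AmazonSSMManagedInstanceCore choice and the AMI ID carried over from the page's example are assumptions for illustration.

```hcl
# Added example (not from the Checkov/Bridgecrew page). Names, region, AMI ID
# and the managed policy are assumptions chosen for illustration.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-west-2"
}

# Trust policy: only the EC2 service may assume this role, so its credentials
# are issued solely to instances launched with the profile defined below.
data "aws_iam_policy_document" "ec2_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2_ssm" {
  name               = "ec2-ssm-role"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
}

# Least privilege: grant only what the workload needs. Here that is the
# AWS-managed Systems Manager policy, which lets the host be administered
# through SSM Session Manager without distributing SSH keys at all.
resource "aws_iam_role_policy_attachment" "ec2_ssm_core" {
  role       = aws_iam_role.ec2_ssm.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

# The instance profile is the container EC2 uses to hand the role's temporary
# credentials to the instance via the instance metadata service.
resource "aws_iam_instance_profile" "ec2_ssm" {
  name = "ec2-ssm-profile"
  role = aws_iam_role.ec2_ssm.name
}

resource "aws_instance" "app" {
  ami           = "ami-005e54dee72cc1d00" # us-west-2, taken from the page's example
  instance_type = "t3.micro"

  # Reference the profile by attribute rather than a bare string so Terraform
  # orders creation correctly; this is the argument CKV_AWS_33 checks for.
  iam_instance_profile = aws_iam_instance_profile.ec2_ssm.name

  # The role's credentials are served by the metadata service; requiring
  # IMDSv2 (session tokens) makes them harder to steal through an SSRF bug
  # in software running on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "app"
  }
}
```

Run `checkov -d .` in the directory holding this configuration to confirm CKV_AWS_33 reports PASSED for `aws_instance.app`. After `terraform apply`, `aws sts get-caller-identity` run from the instance should return an ARN under `assumed-role/ec2-ssm-role/`, showing the workload is using the role rather than a static key.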