Checking for a Worker Node Instance Profile

  1. Using the Find Services search tool, browse to the IAM dashboard.
  2. In the left navigation panel, under Access management, click Roles to get a list of existing roles.
  3. In the search box, specify the Worker Nodes role name (from the AWS worksheet) to filter it from the other roles.

 

 

  1. Click the role name to get its details, then check the row Instance Profile ARNs.

     

     

    1. (Conditional) If no instance profile has been assigned to the role (that is, the row Instance Profile is empty, as illustrated here), then continue with creating an instance profile.
    2. (Conditional) If the row Instance Profile ARNs is filled, then record the value in the AWS worksheet.
The Instance Profile creation guide works only on the command-line interface. It is not possible to create a separate instance profile without an assigned role.
  1. Run the following command:
    # aws iam list-instance-profiles-for-role \
    --role-name <Workernodes role name from AWS worksheet>

Example:
# aws iam list-instance-profiles-for-role \
--role-name ARST-EKS-Workers-Custom-Role

The command will return only of the following outputs:

No instance profile for the role exists. Example output for this case:

{
   "InstanceProfiles":[
      
   ]
}
An instance profile exists for the role. Example output for this case:
{
   "InstanceProfiles":[
      {
         "Path":"/",
         "InstanceProfileName":"ARST-EKS-Workers-Custom-Role",
         "InstanceProfileId":"AIPARVXFDN4TBQBCRKX45",
         "Arn":"arn:aws:iam::115370811111:instance-profile/ARST-EKS-Workers-Custom-Role",
         "CreateDate":"2020-06-16T05:57:59+00:00",
         "Roles":[
            {
               "Path":"/",
               "RoleName":"ARST-EKS-Workers-Custom-Role",
               "RoleId":"AROARVXFDN4TNRSAMVCVX",
               "Arn":"arn:aws:iam::115370811111:role/ARST-EKS-Workers-Custom-Role",
               "CreateDate":"2020-06-16T05:57:58+00:00",
               "AssumeRolePolicyDocument":{
                  "Version":"2012-10-17",
                  "Statement":[
                     {
                        "Effect":"Allow",
                        "Principal":{
                           "Service":"ec2.amazonaws.com"
                        },
                        "Action":"sts:AssumeRole"
                     }
                  ]
               }
            }
         ]
      }
   ]
}
  1. Do one of the following:
    • (Conditional) If no instance profile exists for the role, proceed with creating an instance profile, OR,
    • (Conditional) If the instance profile already exists for the role, record its name (InstanceProfiles -> InstanceProfileName) and ARN (InstanceProfile -> Arn) in the AWS worksheet, then continue with the procedure to create a launch template.

Next Step: Create an Instance Profile