Service-linked role for EC2 Instance Connect Endpoint - Amazon Elastic Compute Cloud

Service-linked role for EC2 Instance Connect Endpoint

Amazon EC2 uses AWS Identity and Access Management (IAM) service-linked roles. A service-linked role is a unique type of IAM role that is linked directly to Amazon EC2. Service-linked roles are predefined by Amazon EC2 and include all the permissions required so that Amazon EC2 can call other AWS services on your behalf. For more information, see Using service-linked roles in the IAM User Guide.

Service-linked role permissions for EC2 Instance Connect Endpoint

Amazon EC2 uses AWSServiceRoleForEC2InstanceConnect to create and manage network interfaces in your account that are required by EC2 Instance Connect Endpoint.

The AWSServiceRoleForEC2InstanceConnect service-linked role trusts the following services to assume the role:

  • ec2-instance-connect.amazonaws.com

The AWSServiceRoleForEC2InstanceConnect service-linked role uses the managed policy Ec2InstanceConnectEndpoint. To view the permissions for this policy, see Ec2InstanceConnectEndpoint in the AWS Managed Policy Reference.

You must configure permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role. For more information, see Service-linked role permissions in the IAM User Guide.

Create a service-linked role for EC2 Instance Connect Endpoint

You don't need to manually create the service-linked role. When you create an EC2 Instance Connect Endpoint, Amazon EC2 creates the service-linked role for you.

Edit a service-linked role for EC2 Instance Connect Endpoint

EC2 Instance Connect Endpoint doesn't allow you to edit the AWSServiceRoleForEC2InstanceConnect service-linked role.

Delete a service-linked role for EC2 Instance Connect Endpoint

If you no longer need to use EC2 Instance Connect Endpoint, we recommend that you delete the AWSServiceRoleForEC2InstanceConnect service-linked role.

You must delete all EC2 Instance Connect Endpoint resources before you can delete the service-linked role.

To delete the service-linked role, see Deleting a service-linked role in the IAM User Guide.
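The deletion order described above, scripted as a pre-check with the AWS CLI. This is an added example, not part of the AWS documentation; the function names, the script name in the usage comment, and the region list passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example. Usage (hypothetical file name):
#   sh delete-eice-slr.sh us-east-1 eu-west-1 ...
# Pass every region the account uses; endpoints are regional resources.
ROLE_NAME="AWSServiceRoleForEC2InstanceConnect"

# Print "region endpoint-id state" for each endpoint in the given regions.
list_eice() {
  for region in "$@"; do
    rows=$(aws ec2 describe-instance-connect-endpoints --region "$region" \
      --query 'InstanceConnectEndpoints[].[InstanceConnectEndpointId,State]' \
      --output text) || return 1   # fail closed if the lookup itself fails
    printf '%s\n' "$rows" | awk -v r="$region" 'NF { print r, $1, $2 }'
  done
}

# Return 0 only when no endpoint remains; otherwise list the blockers.
safe_to_delete_role() {
  found=$(list_eice "$@") || return 2
  remaining=$(printf '%s\n' "$found" | awk 'NF && $3 != "delete-complete"')
  if [ -n "$remaining" ]; then
    echo "Delete these endpoints before deleting $ROLE_NAME:" >&2
    echo "$remaining" >&2
    return 1
  fi
}

# Submit the deletion and wait for the asynchronous IAM task to finish.
delete_role() {
  safe_to_delete_role "$@" || return 1
  task=$(aws iam delete-service-linked-role --role-name "$ROLE_NAME" \
    --query DeletionTaskId --output text) || return 1
  while :; do
    status=$(aws iam get-service-linked-role-deletion-status \
      --deletion-task-id "$task" --query Status --output text) || return 1
    case "$status" in
      NOT_STARTED|IN_PROGRESS) sleep 5 ;;
      *) echo "$status"; [ "$status" = "SUCCEEDED" ]; return ;;
    esac
  done
}

if [ "$#" -gt 0 ]; then delete_role "$@"; fi
```

The script only reports remaining endpoints; it does not delete them, so removing each one stays a deliberate, reviewed step.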