Cannot complete server configuration "please attach an IAM role to continue" - converting an IAM user to an IAM role
On a new install or after upgrading CPM, you may be met with an error on step 3 of initial configuration which does not allow you to proceed.
"It seems this instance does not have an IAM role associated with it. Please attach an IAM role to continue"
Due to a change in v2.4.0, it is now necessary to attach an IAM role with permissions to the CPM server instance.
Upgrading by patch may not show the above error. Please ensure the CPM server instance is configured with an IAM role as shown below.
Upgrading by patch may not show the above error. Please ensure the CPM server instance is configured with an IAM role as shown below.
If you have an existing IAM role with sufficient permissions, it can be attached to the CPM server instance via EC2 Management Console, as shown in the screenshots below:
If you don't have a sufficient IAM role, or this is your first time configuring CPM, please create a new IAM policy with at least the minimum required permissions for CPM to communicate with AWS, shown in the following link:
Then following steps below, create a new IAM role using the just created IAM policy.
Alternatively, if you have previously utilized IAM user authentication, switching to using an IAM role is a simple matter of assigning the same policies currently given to the IAM user or IAM group, to a new IAM role. More details below:
Converting an IAM user to IAM role and assigning to the CPM server:
To create an IAM role with the same permissions as the previous IAM user, first open the IAM console in AWS, then you must find what policy your IAM user for CPM previously utilized.
Discovering policies directly attached to a user:
Its possible the user may not have any directly attached policies. In this case, check for policies attached to the group(s) the user belongs to.
Discovering policies attached to a group:
Once you know which policies the IAM user for CPM had been using, you can then create a new role:
Make sure it is an EC2 role:
Then assign the policies discovered previously:
Name the role:
Then attach it to the CPM server instance:
And finally select the role just created:
Be sure to click apply when complete.
You should now be able to proceed with CPM server configuration.
Related Articles
CPM Server may display error "Problem Occurred (500)" during initial configuration
CPM Server may display error "Problem Occurred (500)" during initial configuration: A Problem Occurred(500) Sorry, but there was an error while processing your request The most likely reason for this is lack of some of the permissions required for ...CPM configuration may fail with the error: "Could not attach volume %vol-id% to instance %Id% Reason: Invalid value '/dev/sdf' for unixDevice. Attachment point /dev/sdf is already in use"
Issue: CPM configuration may fail with the error: "Could not attach volume %vol-id% to instance %Id% Reason: Invalid value '/dev/sdf' for unixDevice. Attachment point /dev/sdf is already in use" ERROR: done(views.py:181) Could not attach volume ...Permission check may fail with an error "Could not assume role"
Issue: Permission check may fail with this error message: ERROR: get_assume_role_credentials(aws_utils.py:1337) Could not assume role arn arn:<AWS account ARN:RoleName> from account <CPM Account> (<CPM user>), reason User arn:<AWS account ARN:IAM ..."Worker did not establish connection" and " worker did not complete initializing" errors during S3 and FLR
During S3 operations, you may encounter the message "Worker i-... did not establish connection" in the log of an S3 copy or S3 restore operation. Error - Worker i-1234567890abcdef did not establish connection - terminating operation During File Level ...CPM Server may display error "Problem Occurred (500)" during the Identity Provider configuration
CPM Server may display error "Problem Occurred (500)" during IdP configuration: Error message: A Problem Occurred(500) Sorry, but there was an error while processing your request This error appears after you hit the 'Apply' button. The most likely ...