On a new install or after upgrading CPM, you may be met with an error on step 3 of initial configuration which does not allow you to proceed.
"It seems this instance does not have an IAM role associated with it. Please attach an IAM role to continue"
Due to a change in v2.4.0, it is now necessary to attach an IAM role with permissions to the CPM server instance.
Upgrading by patch may not show the above error. Please ensure the CPM server instance is configured with an IAM role as shown below.
If you have an existing IAM role with sufficient permissions
, it can be attached to the CPM server instance via EC2 Management Console, as shown in the screenshots below:
If you don't have a sufficient IAM role, or this is your first time configuring CPM, please create a new IAM policy with at least the minimum required permissions for CPM to communicate with AWS, shown in the following link:
Then following steps below, create a new IAM role using the just created IAM policy.
Alternatively, if you have previously utilized IAM user authentication, switching to using an IAM role is a simple matter of assigning the same policies currently given to the IAM user or IAM group, to a new IAM role. More details below:
Converting an IAM user to IAM role and assigning to the CPM server:
To create an IAM role with the same permissions as the previous IAM user, first open the IAM console in AWS, then you must find what policy your IAM user for CPM previously utilized.
Discovering policies directly attached to a user:
Its possible the user may not have any directly attached policies. In this case, check for policies attached to the group(s) the user belongs to.
Discovering policies attached to a group:
Once you know which policies the IAM user for CPM had been using, you can then create a new role:
Make sure it is an EC2 role:
Then assign the policies discovered previously:
Name the role:
Then attach it to the CPM server instance:
And finally select the role just created:
Be sure to click apply when complete.
You should now be able to proceed with CPM server configuration.