
IAM role fails to give permission to an EC2 instance

I want to run aws ec2 describe-instances in an AWS EC2.

So I attach an IAM role to the EC2. This IAM role contains AmazonEC2FullAccess and AmazonS3FullAccess permissions.


I then execute aws ec2 describe-instances command in the EC2.

But I get You must specify a region. You can also configure your region by running "aws configure". as the return message.

Why doesn't AmazonEC2FullAccess give the permissions required to run aws ec2... to the EC2?

I can successfully run aws s3 ls command in the EC2.

This seems to imply that AmazonS3FullAccess successfully grants permission to the EC2, but AmazonEC2FullAccess fails to grant the permission.

The region is required for the AWS CLI:

For example:

aws ec2 describe-instances --region us-east-1

It worked for S3, because (I think) S3 bucket names have global scope. Instances are regional only.

Similarly, you can run iam, route53 or cloudfront commands without region as they have global scope, e.g.

aws iam list-users

aws route53 list-hosted-zones

aws cloudfront list-distributions
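An added example, not part of the original question or answer: a small shell helper that separates the client-side configuration failure seen in the question from a real IAM denial, so a missing region is not mistaken for a missing permission. The function names and the sample UnauthorizedOperation text are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell a client-side AWS CLI configuration error apart from
# a server-side IAM denial. Function names here are hypothetical.

# Constructed sample messages (the first is the one quoted in the question).
REGION_ERR='You must specify a region. You can also configure your region by running "aws configure".'
DENIED_ERR='An error occurred (UnauthorizedOperation) when calling the DescribeInstances operation: You are not authorized to perform this operation.'
NOCREDS_ERR='Unable to locate credentials. You can configure credentials by running "aws configure".'

# $1 = stderr text captured from an aws command.
classify_aws_error() {
    case "$1" in
        # Raised locally, before any request is sent: not an IAM decision.
        *"You must specify a region"*)    echo "config:region-missing" ;;
        # No role or keys were found at all: also local.
        *"Unable to locate credentials"*) echo "config:no-credentials" ;;
        # The request reached AWS and the policy evaluation refused it.
        *UnauthorizedOperation*|*AccessDenied*) echo "iam:denied" ;;
        "")                               echo "ok" ;;
        *)                                echo "other" ;;
    esac
}

# Run any command, keep only its stderr, and report which layer failed.
# Usage on an instance: diagnose aws ec2 describe-instances
diagnose() {
    if err=$("$@" 2>&1 >/dev/null); then
        echo "ok"
        return 0
    fi
    classify_aws_error "$err"
    return 1
}

# Demo over the constructed samples; no network access is needed.
for msg in "$REGION_ERR" "$NOCREDS_ERR" "$DENIED_ERR"; do
    printf '%s\n' "$(classify_aws_error "$msg")"
done
```

A result of config:region-missing means the attached role was never evaluated; pass --region or run aws configure and retry before changing any policy.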
