Deployment of Controller in AWS [LAB] Fails


I have spent probably 5 hours on trying to get a controller deployed into AWS. Using the information here:

After the first time I attempted it, I am to log into the controller and reset the password. I, then, failed to add my AWS account using the wizard from the first screen. 

The error message tells me the role "aviatrix-role-ec2" is not assigned and go to the link above and re-run the cloudformation. 

I have attempted to run this. However, when I am setting up template to deploy the system through Cloud formation is failed because the role "aviatrix-role-ec2" exists. However, if I go to IAM, it is NOT there, but for some reason, on the Cloudformation Stack Step 2: IAM role creation, it is listed. Yes, I've tried to use and it still failed.

So I think I have the following two options:

1) figure out how to remove the 'ghosting' IAM role

2) figure out how to manually configure everything to work with the instance.

There doesn't seem to be anyway to manually deploy or delete the settings for the controller in case there was something wrong when running Cloudformation.


Thanks everyone for the help. Here's the way I went about to fix it:

I setup an Amazon Linux 2 VM in VMware Workstation

- Info:

- Download:

After importing the VM, you need to fix the passwords and SSH configuration. I followed Shehu Awwal's blog:

Then, you need to create a user at the IAM console ( - Guide:

You need to create a Policy with the "iam:DeleteInstanceProfile" action assigned to the above user created in the previous step.

After that, you can follow AWS Guide to deleting IAM Roles:

Specifically, I removed the Instance role: "aviatrix-role-ec2"

Re-ran the Cloudformation script and it completed without error.


Best answer by Dana_Yanch 7 July 2020, 20:33

View original

11 replies

Userlevel 6
Badge +6

Are you still able to loing to the Aviatrix Controller? If you do, then we can probably fix it without re-deploying or re-running the Cloud Formation.


"aviatrix-role-ec2" needs to be removed via AWSCli if you wish to rerun the CloudFormation Template.

Badge +2

Hi Jesse, I believe I ran into the same issue recently. If I remember correctly I solved it by adding the IAM role manually.


Aaron Foltz You know I was considering that. Why does it do that? I mean if you go to IAM Roles and remove it, shouldn't it also remove it without the cli?


Shahzad Ali I can log into the Controller but just can't attach my AWS account. I will probably try Aaron Foltz idea and just use the AWS cli to remove the role that way. It just strange it lets me delete the item from the IAM dashboard but doesn't completely remove it.


Jesse Spangenberger It's not the Role that is hanging around, it is the InstanceProfile. You can not remove those via the Portal, you must use the CLI.

Badge +2

Jesse Spangenberger Ran into this with a customer the other day as well. It seems to be an AWS bug where the role is stuck, but not seen in the console. CLI fixed it.   Let us know if we can assist with the deployment again, I am sure any one of us here would be happy to jump on a call with you and be there to help launch it. 


Dana Yanch You know: I was guess it might be. I just haven't had a chance to work with it yet. Just finished up another cert this morning and plan on taking this on Friday. Thanks for the info.


Dana Yanch Also, this probably should be noted on the page regarding the deployment!

Badge +2

Jesse Spangenberger You are right. I will talk to the doc team about this.   Good luck with the cert. Let me know if you need anything. 

Badge +2

Aaron Foltz Good information.