To use the EC2 Recovery Kit, the instance must have Roles that are allowed to update the RouteTable entries or reassign ENI (Elastic Network Interface).
To achieve this, create a policy as seen below (note that it might be desirable to limit the resources that may be accessed), then assign it to a Role.
Once a Role is defined, assign it to the EC2 instances.
Thanks for your feedback.
Post your comment on this topic.