how to set an existing IAM role to a new instance while spinning in terraform
Question
I am trying to attach an existing role created in AWS, but i am not able to add it in Terraform Code. I tried to add the role in instance profile but it didnt work either for me.
Is there any direct way to add it in the resource in terraform code.??
iam_instance_profile = "my-role"
my-role is having the full access of ec2.
2 answers
solution1
2 2018-05-01 17:48:21
iam_instance_profile = "my-role"
is the correct way to assign an IAM instance profile to an instance. It is likely you do not have the permissions to assign an instance profile. Make sure whoever is running the Terraform script has iam:PassRole permission. It is often overlooked.
solution2
2 ACCPTED 2018-05-08 02:09:20
I followed the process which @helloV mentioned in the previous post for using the existing role in terraform/cfn.
Step1: Create a new custom policy and add the following content.
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:PassRole"
],
"Resource": "arn:aws:iam::<account-id>:role/<role-name>"
}]
}
In the above json snippet change the account-id and role-name accordingly.
Step2:
Attach the new created custom policy with the existing IAM Role.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.