
How to use instance profile credentials available on running ec2 instance?

I want to create tags from within the running EC2 instance. For that I need credentials, and I wanted to use the credentials available at curl -s http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. I set the access key, secret key and session token as environment variables from the above URL. Now I tried:

aws ec2 create-tags --resources i-instanceid --tags Key=Test,Value=Testing --region us-east-1

It's giving me the following error:

An error occurred (UnauthorizedOperation) when calling the CreateTags operation: You are not authorized to perform this operation. Encoded authorization failure message

You can use these credentials by invoking the AWS CLI without any credential-related parameters; it will try to pick up the credentials from the instance profile. Your problem is not that you do not have the credentials but that you do not have permission to invoke the CreateTags operation. As the error message says, it is an authorization problem, not an authentication one. You need to change the instance profile policy and include the capability to change instance tags.

More here:

https://docs.aws.amazon.com/codedeploy/latest/userguide/getting-started-create-iam-instance-profile.html

Check if your role allows you to create, list, delete tags on EC2 or if you require a custom policy attached with this role to allow these actions.

In summary, you should have:

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "ec2:CreateTags",
          "ec2:DeleteTags"
        ],
        "Resource": "*"
      }
    ]
  }
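
A rough offline check for the point both answers make, written as an added example (not code from the original answers): it reports whether a set of policy documents allows, implicitly denies or explicitly denies an action such as ec2:CreateTags. The sample policies and all function names are constructed for illustration, and Resource, Condition, permission boundaries and SCPs are deliberately ignored.

```python
import fnmatch

# Constructed sample policies (not from the original post).
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}
TAGGING = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:CreateTags", "ec2:DeleteTags"],
     "Resource": "*"}]}
DENY_TAG_CHANGES = {"Version": "2012-10-17", "Statement": {
    "Effect": "Deny", "Action": "ec2:*Tags", "Resource": "*"}}


def _as_list(value):
    # Action/NotAction and Statement may each be a single item or a list.
    return list(value) if isinstance(value, list) else [value]


def _matches(patterns, action):
    # IAM action names are case-insensitive; "*" and "?" are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def statement_covers(stmt, action):
    if "Action" in stmt:
        return _matches(_as_list(stmt["Action"]), action)
    if "NotAction" in stmt:
        return not _matches(_as_list(stmt["NotAction"]), action)
    return False


def evaluate(policies, action):
    """Return 'allow', 'implicit-deny' or 'explicit-deny' for one action.

    Assumption: Resource and Condition are ignored, so a conditional
    statement is treated as if it always applied.
    """
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            if not statement_covers(stmt, action):
                continue
            if stmt.get("Effect") == "Deny":
                return "explicit-deny"  # an explicit Deny always wins
            allowed = allowed or stmt.get("Effect") == "Allow"
    return "allow" if allowed else "implicit-deny"


def missing_actions(policies, wanted):
    # Actions from `wanted` that the given policies do not end up allowing.
    return [a for a in wanted if evaluate(policies, a) != "allow"]
```

An "implicit-deny" result for ec2:CreateTags is the situation that produces the UnauthorizedOperation error in the question; attaching the tagging statement changes it to "allow".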
