Boto3 : Invalid IAM Instance Profile ARN when calling client.associate_iam_instance_profile
Question
Steps that brought this error
- Disassociated a instance profile from an ec2 instance (successful)
- Associating a new instance profile to the EC2 instance. This fails with an error:
Value (arn:aws:iam::1234556:instance-profile/test-instance-profile) for parameter iamInstanceProfile.arn is invalid. Invalid IAM Instance Profile ARN
code
client.associate_iam_instance_profile(
IamInstanceProfile={
'Arn': 'arn:aws:iam::1234556:instance-profile/test-instance-profile'
},
InstanceId=instance_id
)
I verified the the instance profile exists before associating it
1 answers
solution1
1 ACCPTED 2021-03-20 08:41:36
Based on the comments, trust policy in the IAM role was missing for EC2
The delay you are seeing for InstanceProfile is intended; this is to account for and ensure the IAM service has propagated the profile fully. We do apologize for any inconvenience this may cause.
AWS::IAM::InstanceProfile resources always take exactly 2 minutes to create
Even though the above post is a bit old, and AWS mimimise the delay, but it still exists.
Invalid IAM Instance Profile name #15341
This happened to me as well. There seems to be some race condition for newly created profiles. When I wait a short period and rerun the terraform it succeeds.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.