Issue
I am trying to create an EC2 instance via Ansible with the following code:
- name: Create EC2 Instance(s)
  ec2:
    region: "{{ vpc_region }}"
    instance_profile_name: "{{ instance_profile_name }}"
    group: "{{ ec2_security_group_name }}"
    keypair: "{{ ec2_key_name }}"
…..
Still, it always outputs the following:
TASK [scanner : Create EC2 Instance(s)] ****************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "failed": true, "msg": "Instance creation failed => InvalidParameterValue: Value (my-role-for-ansible) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name"}
Although I think I defined the right policies for my user in AWS, as follows:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt14844231360000",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::11111111:role/my-role-for-ansible"
            ]
        }
    ]
}
Anything wrong with the above?
Solution
This occurs because you must create an additional IAM role, an instance profile.
You can attach an IAM instance profile to an Amazon EC2 instance as you launch it or to a previously launched instance. For more information, see Instance Profiles.
I resolved this issue by following the console instructions section of these AWS docs.
The key part is step 9 of the aforementioned instructions (linked above):
On the Create role page, choose AWS service, and from the Choose the service that will use this role list, choose EC2.
Once you associate the role with the specific service type (in my case, EC2), then it all works.
Answered By - arcseldon
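An added example, not part of the original answer: an offline check over the JSON that `aws iam get-role` and `aws iam list-instance-profiles-for-role` return, reporting the two conditions the answer describes (the role is associated with EC2, and an instance profile with the requested name holds it). The function names and both sample documents are constructed for illustration.

```python
import json

EC2 = "ec2.amazonaws.com"

def _as_list(value):
    # IAM JSON accepts either a single value or a list in these positions.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def ec2_can_assume(trust_policy):
    """True if a statement allows the EC2 service principal to call sts:AssumeRole.
    Simplification: exact action match only; Condition blocks are ignored."""
    for stmt in _as_list(trust_policy.get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow" and EC2 in services
                and "sts:AssumeRole" in _as_list(stmt.get("Action"))):
            return True
    return False

def diagnose(profile_name, get_role_out, list_profiles_out):
    """Return findings; an empty list means profile_name is usable at launch."""
    role = get_role_out["Role"]
    findings = []
    if not ec2_can_assume(role["AssumeRolePolicyDocument"]):
        findings.append("trust policy does not let ec2.amazonaws.com assume the role")
    names = [p["InstanceProfileName"] for p in list_profiles_out["InstanceProfiles"]]
    if profile_name not in names:
        findings.append(f"role {role['RoleName']} is in no instance profile named {profile_name}")
    return findings

def _role(principal):
    # Constructed stand-in for `aws iam get-role` output (only the fields used here).
    return {"Role": {"RoleName": "my-role-for-ansible", "AssumeRolePolicyDocument": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}]}}}

# Constructed samples: a role trusted by an account only and in no profile,
# then the same role after being set up for EC2.
BROKEN = (_role({"AWS": "arn:aws:iam::111111111111:root"}), {"InstanceProfiles": []})
FIXED = (_role({"Service": EC2}),
         {"InstanceProfiles": [{"InstanceProfileName": "my-role-for-ansible",
                                "Roles": [{"RoleName": "my-role-for-ansible"}]}]})

if __name__ == "__main__":
    for label, (role_out, profiles_out) in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, json.dumps(diagnose("my-role-for-ansible", role_out, profiles_out)))
```

To run it against a real account, load the two CLI outputs with `json.load` and pass them to `diagnose` in place of the constructed samples.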