amazon-web-services - IAM 实例配置文件名称无效

标签 amazon-web-services amazon-ec2 terraform

我正在创建一个 Terraform 脚本,它创建一个 IAM 角色,由 EC2 实例通过启动模板承担。我有一个简单的 lambda 函数 (boto3/python),它使用启动模板创建/启动 EC2 实例。但是,当我运行 lambda 函数时出现此错误:

"errorMessage": "An error occurred (InvalidParameterValue) when calling the RunInstances operation:
Value (arn:aws:iam::xxx:instance-profile/RigstopgapInstanceProfile) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name",
  "errorType": "ClientError",

我的地形代码是这个:

resource "aws_launch_template" "rig_stopgap" {
  name          = "rig_stopgap"
  image_id      = var.ami_image
  instance_type = var.instance_type

  iam_instance_profile {
    name = aws_iam_instance_profile.rig_stopgap.arn
  }
  ...
}

resource "aws_iam_instance_profile" "rig_stopgap" {
  name = "RigstopgapInstanceProfile"
  role = aws_iam_role.rigs_stopgap_ec2.name
}

# EC2 "Trust relationships" policy (necessary to allow the instance to assume a role)
data "aws_iam_policy_document" "trust_relationships_ec2_policy" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# EC2 main policy
resource "aws_iam_policy" "rigs_stopgap_ec2_policy" {
  name        = "RigsStopgapPolicy"
  description = "Rigs Stopgap Policy allowing access to all of the necessary resources"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "dynamodb:UpdateItem"
      ],
      "Effect": "Allow",
      "Resource": "${aws_dynamodb_table.rigs_stopgap.arn}"
    }
  ]
}
EOF
}

# Attach the ec2 policy 
resource "aws_iam_role_policy_attachment" "attach_ec2_instance_policy" {
  role       = aws_iam_role.rigs_stopgap_ec2.name
  policy_arn = aws_iam_policy.rigs_stopgap_ec2_policy.arn
}

resource "aws_iam_role" "rigs_stopgap_ec2" {
  name               = "RigsStopgapRole"
  assume_role_policy = data.aws_iam_policy_document.trust_relationships_ec2_policy.json
  tags               = var.common_tags
}

我的 Lambda 代码:

import boto3

ec2 = boto3.resource('ec2')
lt = {
    'LaunchTemplateName': 'rig_stopgap',
    'Version': '$Latest'
}


def handler(event, context):

    instances = ec2.create_instances(
        LaunchTemplate=lt,
        MinCount=1,
        MaxCount=1
    )

我错过了什么?

更新: 当我在 AWS 控制台中打开启动模板并导航到实例配置文件部分时,它显然找不到它: enter image description here

最佳答案

我不熟悉 Terraform,但看起来您提供的只是一个 ARN,而它只是想要一个名称:

  iam_instance_profile {
    name = aws_iam_instance_profile.rig_stopgap.arn
  }

尝试只提供角色的名称,而不是提供 ARN。

关于amazon-web-services - IAM 实例配置文件名称无效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/65213153/

上一篇:r - R 中是否有生成唯一组合及其频率的解决方案?

下一篇:Angular Material主题化/改变边界半径

相关文章:

sql - Athena/SQL 查询以获得所需结果

python - 使用 boto3 从 EC2 实例附加/分离安全组

python - 亚马逊网络服务 : -bash: activate: No such file or directory

amazon-web-services - 获得许可被拒绝(公钥)。在 AWS EC2 实例中设置 hadoop 集群时出错

Azure 区域 - "Stage"是什么意思?

ansible - 检测 Terraform 中的 Ansible 更改并执行它们

amazon-web-services - 如何防止通过Auto Scaling终止EC2实例?

Mysql 只允许用户从特定的 DNS 连接

java - 无法使用 Eclipse 访问 Amazon RDS

aws-api-gateway - Terraform - AWS - API 网关依赖难题

©2024 IT工具网  联系我们