Boto3:调用时 IAM 实例配置文件 ARN 无效 client.associate_iam_instance_profile
Boto3 : Invalid IAM Instance Profile ARN when calling client.associate_iam_instance_profile
导致此错误的步骤
- 取消实例配置文件与 ec2 实例的关联(成功)
- 正在将新的实例配置文件关联到 EC2 实例。这失败并出现错误:
Value (arn:aws:iam::1234556:instance-profile/test-instance-profile) for parameter iamInstanceProfile.arn is invalid. Invalid IAM Instance Profile ARN
代码
client.associate_iam_instance_profile(
IamInstanceProfile={
'Arn': 'arn:aws:iam::1234556:instance-profile/test-instance-profile'
},
InstanceId=instance_id
)
我在关联之前验证了实例配置文件存在
根据评论,EC2
的 IAM 角色中缺少 trust policy
您看到的 InstanceProfile 延迟是有意为之;这是为了说明并确保 IAM 服务已完全传播配置文件。对于由此造成的任何不便,我们深表歉意。
AWS::IAM::InstanceProfile resources always take exactly 2 minutes to create
虽然上面的post有点老了,而且AWS mimimise了延迟,但它仍然存在。
Invalid IAM Instance Profile name #15341
This happened to me as well. There seems to be some race condition for newly created profiles. When I wait a short period and rerun the terraform it succeeds.
导致此错误的步骤
- 取消实例配置文件与 ec2 实例的关联(成功)
- 正在将新的实例配置文件关联到 EC2 实例。这失败并出现错误:
Value (arn:aws:iam::1234556:instance-profile/test-instance-profile) for parameter iamInstanceProfile.arn is invalid. Invalid IAM Instance Profile ARN
代码
client.associate_iam_instance_profile(
IamInstanceProfile={
'Arn': 'arn:aws:iam::1234556:instance-profile/test-instance-profile'
},
InstanceId=instance_id
)
我在关联之前验证了实例配置文件存在
根据评论,EC2
trust policy
您看到的 InstanceProfile 延迟是有意为之;这是为了说明并确保 IAM 服务已完全传播配置文件。对于由此造成的任何不便,我们深表歉意。
AWS::IAM::InstanceProfile resources always take exactly 2 minutes to create
虽然上面的post有点老了,而且AWS mimimise了延迟,但它仍然存在。
Invalid IAM Instance Profile name #15341
This happened to me as well. There seems to be some race condition for newly created profiles. When I wait a short period and rerun the terraform it succeeds.