CODEWITHSUNDEEP
amazon-web-servicesboto3amazon-iamboto
mwaks
mwaks

Reputation: 389

Boto3 : Invalid IAM Instance Profile ARN when calling client.associate_iam_instance_profile

Steps that brought this error

  1. Disassociated a instance profile from an ec2 instance (successful)
  2. Associating a new instance profile to the EC2 instance . This fails with an error:
Value (arn:aws:iam::1234556:instance-profile/test-instance-profile) for parameter iamInstanceProfile.arn is invalid. Invalid IAM Instance Profile ARN

code

client.associate_iam_instance_profile(
            IamInstanceProfile={
                'Arn': 'arn:aws:iam::1234556:instance-profile/test-instance-profile'
            },
            InstanceId=instance_id
        )

I verified the the instance profile exists before associating it

Upvotes: 2

Views: 3324

Answers (1)

samtoddler
samtoddler

Reputation: 9615

Based on the comments, trust policy in the IAM role was missing for EC2

The delay you are seeing for InstanceProfile is intended; this is to account for and ensure the IAM service has propagated the profile fully. We do apologize for any inconvenience this may cause.

AWS::IAM::InstanceProfile resources always take exactly 2 minutes to create

Even though the above post is a bit old, and AWS mimimise the delay, but it still exists.

Invalid IAM Instance Profile name #15341

This happened to me as well. There seems to be some race condition for newly created profiles. When I wait a short period and rerun the terraform it succeeds.

Upvotes: 4

Related Questions