EC2 Image Builder: Role does not exist or does not have sufficient permissions

Question

I'm trying to make a custom Ubuntu 20.04 image from a .iso file that I have uploaded to Amazon S3. I've went through all the steps to create an image pipeline, but when I get to the end and hit create pipeline it just says Error message: InvalidParameter: The service role role-name provided does not exist or does not have sufficient permissions. I've made a role specifically for this pipeline, and even when I attach a policy that has all permissions to all resources I still get this error that says it doesn't have permission.

Any help here?

Answer

The IAM role specified in the recipe will be passed as `RoleName` input parameter for [ImportImage](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ImportImage.html) API. This role will be used by VMIE to perform certain operations on your behalf and should be assumable by `vmie.amazonaws.com`.  Verify the trust policy of your role and make sure that `vmie.amazonaws.com` is in the principal list.

VM Import/Export Requirements - Required service role - https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role

Example trust policy for VMIE role:

```
{
   "Version": "2012-10-17",
   "Statement": [
      {
         "Effect": "Allow",
         "Principal": { "Service": "vmie.amazonaws.com" },
         "Action": "sts:AssumeRole",
         "Condition": {
            "StringEquals":{
               "sts:Externalid": "vmimport"
            }
         }
      }
   ]
}
```

EC2 Image Builder: Role does not exist or does not have sufficient permissions

関連するコンテンツ