EC2 Launch template error in ASG

0

Hi, I created an AMI from a running EC2 instance. I am using this AMI in my Launch template. When I update my ASG with this launch template, I get error - You are not authorized to use this template. What could be the issue and how to fix this. Note that the running instance from which AMI was created was also created using another AMI.

Nimish
質問済み 22日前65ビュー
3回答
0
承認された回答

IAM:PassRole is often one I see missed that leads to this error: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-launch-template-permissions.html

You can also check cloudtrail for a RunInstances call made at the same time as the failed API, which might have more details on what permission was missing. If there's an encoded error, you'll need to use the sts decode API to see the reasons

AWS
回答済み 22日前
0

The error "You are not authorized to use this template" when updating your Auto Scaling Group (ASG) with a launch template can be due to insufficient IAM permissions. To resolve this issue, you should ensure that the IAM credentials you are using have the necessary permissions to perform the required EC2 API actions, including the ec2:RunInstances action. Additionally, if your launch template specifies any tags, you must also have permission to use the ec2:CreateTags action​

Check out this link: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/permissions-for-launch-templates.html

If this has answered your question or was helpful, accepting the answer would be greatly appreciated. Thank you!

profile picture
回答済み 22日前
  • I have verified from the shared link and the permissions are correct. As I mentioned, the new AMI was replaced with an exisitng AMI in Launch temaplate. And with old AMI in Launch template, I can edit the ASG and save. But with newly created AMI from this AMI(running as EC2), in Launch temaplate, I get error in editing ASG.

  • is the new ami encrypted with a KMS key that you do not have permission to use?

  • It is encrypted but I do have permissions for the key. Same key was used for previous AMI and that AMI works in Launch templates. So, KMS permissions also looks good.

0

ok. Might be possible. However, just found that in my case it was restrictions imposed by my organization team that the base image cannot by a custom AMI. It has to be one of the standard AMIs.

Nimish
回答済み 21日前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ