Not able to use IAM role assigned to EC2 instance at startup


I am trying to create an autoscaling group with EC2 instances, I need to completed few tasks as an instance starts up and have created a shell + python3(boto3 script). I need to assign some elastic Ips etc. the instance has an IAM role assigned to it to complete the tasks. I assigned this role while creating the autoscaling group and launch configuration. I add the script as 'user-data' to the instance startup.

I tested the script independently and it works, but unfortunately it doesn't work when the instance is launched and the script is invoked. I get an error "unauthorized" when it tries to run it. Although I can see that the IAM role gets correctly assigned to the instance. I also tried by adding a wait time of about 30 seconds so the role may correctly get assigned to the instance, but that still didn't work.

If I manually invoke the script after logging into the instance, it works. I have tried running the script as both only boto3 and as aws cli commands, I still get unauthorized for both.

Other ways to do it would be that I invoke lambda functions as a target lifecycle hook during startup, but in that case I do not have a way to send the instance id to the function, which I needed for my script.

Not sure what I am doing wrong here. Is there some other way I should invoke the script?

질문됨 4년 전270회 조회
1개 답변

I was able to do this now, turned out the ec2 image I was using had an aws key configured for its root user, which was conflicting with the role assigned to the instance, after removing the configuration of the root user I was successfully able to run my scenario.

답변함 4년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠