CloudFormation stack creation failing with "Value (IAM Name) for parameter iamInstanceProfile.name is invalid. "

0

I am using a simple CF template to create an EC2 machine, please tell me what is wrong. I want to use an existing policy and not create new:

    AWSTemplateFormatVersion: "2010-09-09"
    Description: A sample template
    Resources:
      MyEC2Instance:
        Type: AWS::EC2::Instance
        Properties:
          InstanceType: t2.micro
          # AvailabilityZone: us-east-1a
          ImageId: "XYZ"
          KeyName: XYZ
          SecurityGroupIds:
            - SG-SAWS-01
          IamInstanceProfile: name(last part of arn)
          BlockDeviceMappings:
            - DeviceName: /dev/sda1
              Ebs:
                VolumeType: gp2
                VolumeSize: '80'
                DeleteOnTermination: 'true'
                Encrypted: 'false'

3 Answers
0

Hi,

It is not possible to be 100% certain of your problem, but based upon the information supplied there are two top options I can think of:

  1. Are you certain you have an IAM Profile linked to the Role? This field requires the name of a Profile and depending on how you created the Role it may not have a profile. You can check if a Profile exists by viewing the role in the IAM console and looking on the far right. It will show the ARN of the IAM profile if one exists.
  2. Are you certain you have the name of the Profile? Depending on how you created the Role/Profile it is possible for the name of the Profile to be slightly different from the name of the Role. Use the IAM console to view the role and therefore the ARN of the Profile to check the name you are using.

Hopefully one of these resolves your problem.

AWS
danjhd
answered 2 years ago
0

Are you specifying the last part of the ARN of an IAM role? If so, have you ensured that this IAM role also has an InstanceProfile? They could be 2 different things.

Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the IAM console, the console creates an instance profile automatically and gives it the same name as the role to which it corresponds. If you use the Amazon EC2 console to launch an instance with an IAM role or to attach an IAM role to an instance, you choose the role based on a list of instance profile names.

If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, with potentially different names. If you then use the AWS CLI, API, or an AWS SDK to launch an instance with an IAM role or to attach an IAM role to an instance, specify the instance profile nam

See

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html and

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html

You can see your instance profiles by opening a CloudShell session and entering aws iam list-instance-profiles


AWS
EXPERT
Matt-B
answered 2 years ago
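
The check the two answers above describe, as an added example that is not part of the thread: given a role name, it lists the instance profiles that actually contain that role, and given an ARN, it refuses a role ARN instead of returning its last part. It assumes the AWS CLI is installed with credentials allowed to call `iam:ListInstanceProfilesForRole`; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical;
# account IDs and resource names used with it are constructed.

# Print the instance profile name contained in an instance-profile ARN.
# Exits 1 for a role ARN: the last part of a role ARN is a role name, which
# is only a valid IamInstanceProfile value if a profile shares that name.
# Function bodies are subshells "( )" so variables stay local and "exit"
# only leaves the function.
profile_name_from_arn() (
  arn=$1
  case "$arn" in
    arn:*:iam::*) resource=$(printf '%s' "$arn" | cut -d: -f6-) ;;
    *) echo "not an IAM ARN: $arn" >&2; exit 2 ;;
  esac
  case "$resource" in
    instance-profile/*) printf '%s\n' "${resource##*/}" ;;
    role/*) echo "role ARN, not an instance profile ARN: $arn" >&2; exit 1 ;;
    *) echo "unsupported IAM resource: $resource" >&2; exit 2 ;;
  esac
)

# Print the names of the instance profiles that contain the given role,
# one per line. Exits 1 when the role has no instance profile.
profiles_for_role() (
  role=$1
  names=$(aws iam list-instance-profiles-for-role --role-name "$role" \
    --query 'InstanceProfiles[].InstanceProfileName' --output text) || exit 2
  if [ -z "$names" ] || [ "$names" = "None" ]; then
    echo "role '$role' has no instance profile" >&2
    exit 1
  fi
  printf '%s\n' "$names" | tr '\t' '\n'
)

# Usage: sh resolve-profile.sh <role-name | ARN>
if [ "$#" -gt 0 ]; then
  case "$1" in
    arn:*) profile_name_from_arn "$1" ;;
    *) profiles_for_role "$1" ;;
  esac
fi
```

Whatever name it prints is the value to put in `IamInstanceProfile`; a non-zero exit means the role has no usable profile yet.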
0

I don't see anything wrong with your CloudFormation template. It is working fine from my end. You can check if your template is valid using the CloudFormation designer. Also, ensure you are using a correct IAM Role in the IamInstanceProfile property. The role must be an instance profile and have EC2 in its trusted entities.

joahna
answered 2 years ago
