Hello.
First of all, you cannot stop EC2 with "ec2:StartInstances" alone.
"ec2:StopInstances" is also required to stop EC2.
By the way, is the ARN set in the trust policy correct?
For example, how about making it available to all EventBridge schedulers as follows?
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "scheduler.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
I think the following blog will be helpful for the setup itself.
https://dev.to/aws-builders/easy-setup-for-ec2-stop-jobs-with-amazon-eventbridge-scheduler-4lpg
This is my event policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "ec2:StartInstances",
            "Resource": "arn:aws:ec2:eu-central-1:xxxxxxxxxxx45:instance/i-02307ed149403dd12",
            "Effect": "Allow"
        }
    ]
}

and its trust relationship:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "scheduler.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "aws:SourceArn": "arn:aws:scheduler:eu-central-1:XXXXXXXXXXX45:schedule/default/linuxStartSchedule",
                    "aws:SourceAccount": "Xxxxxxxxxxxx45"
                }
            }
        }
    ]
}
I don't think there is a problem with the IAM roles, because I use the same roles in my prod environment and it works without any problem! When I use them in my sandbox account it won't work.
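As an added example (not code from this thread or from AWS), the script below is an offline lint for a Scheduler execution role. It takes the role's trust policy and permissions policy and checks the points the answer above raises: that scheduler.amazonaws.com may call sts:AssumeRole, that any aws:SourceArn / aws:SourceAccount condition in the trust policy matches the schedule that actually invokes the role (a condition copied from another account or schedule name makes AssumeRole fail), and that ec2:StopInstances is allowed on the instance ARN. The sample policies are constructed from the ones posted above with the placeholder account 123456789012; the stop-schedule name linuxStopSchedule is an assumption.

```python
"""Offline lint for an EventBridge Scheduler execution role (added example).

Only Allow statements are evaluated; explicit Deny statements, permissions
boundaries and SCPs are out of scope. The sample policies at the bottom are
constructed from the ones posted in the thread; account 123456789012 and the
schedule name linuxStopSchedule are placeholders/assumptions.
"""
from fnmatch import fnmatchcase

SCHEDULER_PRINCIPAL = "scheduler.amazonaws.com"


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _arn_account(arn):
    # arn:partition:service:region:account-id:resource
    return arn.split(":", 5)[4]


def _matches(value, patterns, wildcard):
    """wildcard=True applies IAM-style * and ? matching (ArnLike / StringLike)."""
    if wildcard:
        return any(fnmatchcase(value, p) for p in patterns)
    return value in patterns


def check_trust_policy(trust, schedule_arn):
    """Return problem strings; empty means `schedule_arn` can assume the role."""
    problems = []
    for st in _as_list(trust.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if SCHEDULER_PRINCIPAL not in services or "sts:AssumeRole" not in _as_list(st.get("Action")):
            continue
        # Candidate statement: every source condition on it must hold for this schedule.
        unmet = []
        for op, keys in st.get("Condition", {}).items():
            wildcard = op in ("ArnLike", "StringLike")
            for key, want in keys.items():
                wants = _as_list(want)
                if key == "aws:SourceArn" and not _matches(schedule_arn, wants, wildcard):
                    unmet.append(f"{op} aws:SourceArn {wants} does not match {schedule_arn}")
                elif key == "aws:SourceAccount" and not _matches(_arn_account(schedule_arn), wants, wildcard):
                    unmet.append(f"{op} aws:SourceAccount {wants} does not match the account of {schedule_arn}")
        if not unmet:
            return []
        problems.extend(unmet)
    if not problems:
        problems.append(f"no Allow statement lets {SCHEDULER_PRINCIPAL} call sts:AssumeRole")
    return problems


def check_permissions_policy(policy, instance_arn, action="ec2:StopInstances"):
    """Return problem strings; empty means `action` is allowed on `instance_arn`."""
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive in IAM; resource ARNs are not.
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        if not _matches(action.lower(), actions, wildcard=True):
            continue
        if _matches(instance_arn, _as_list(st.get("Resource")), wildcard=True):
            return []
    return [f"{action} is not allowed on {instance_arn}"]


def lint_role(trust, permissions, schedule_arn, instance_arn):
    """All problems for a stop schedule using this role, in trust-then-permissions order."""
    return check_trust_policy(trust, schedule_arn) + check_permissions_policy(permissions, instance_arn)


# Constructed sample input (placeholder account, assumed stop-schedule name).
ACCOUNT = "123456789012"
INSTANCE_ARN = f"arn:aws:ec2:eu-central-1:{ACCOUNT}:instance/i-02307ed149403dd12"
START_SCHEDULE_ARN = f"arn:aws:scheduler:eu-central-1:{ACCOUNT}:schedule/default/linuxStartSchedule"
STOP_SCHEDULE_ARN = f"arn:aws:scheduler:eu-central-1:{ACCOUNT}:schedule/default/linuxStopSchedule"


def trust_policy(source_arn):
    """Trust policy in the shape posted above: Scheduler, pinned to one schedule ARN."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": SCHEDULER_PRINCIPAL},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"aws:SourceArn": source_arn, "aws:SourceAccount": ACCOUNT}}}]}


def permissions_policy(*actions):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": list(actions), "Resource": INSTANCE_ARN}]}


POSTED_TRUST = trust_policy(START_SCHEDULE_ARN)                 # as pasted in the thread
POSTED_PERMISSIONS = permissions_policy("ec2:StartInstances")
FIXED_TRUST = trust_policy(STOP_SCHEDULE_ARN)                   # pinned to the stop schedule
FIXED_PERMISSIONS = permissions_policy("ec2:StartInstances", "ec2:StopInstances")
```

Run against the posted pair with the stop schedule's ARN, `lint_role` reports two problems (the aws:SourceArn condition still names linuxStartSchedule, and ec2:StopInstances is missing); the fixed pair reports none. The aws:SourceArn / aws:SourceAccount condition is the confused-deputy guard AWS recommends for service roles, so keep it, but it has to be re-pinned whenever the role is copied to another account or attached to a schedule with a different name.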
Hi, thank you for your reply. Sorry for the misunderstanding; I have also created a different role for starting the instance, which is why I posted it by mistake. I have one more role that is used for the instance; it has AmazonSSMManagedInstanceCore and CloudWatchAgentServerPolicy as permissions, and the ARN is correct, I just copied it from the instance page. I also changed the role by removing the ARN, but still the same result.
Shahin
What is the IAM role configured for the EventBridge scheduler? Try checking the EventBridge scheduler IAM role instead of the EC2 IAM role.