ec2.monitor_instances() operation giving unauthorize error.

Question

Hi, I am trying to fetch the instance name by using the instance id in Lambda function (using Python language) via the below commands.

if sys.argv[0] == 'ON':
      monitor = ec2.monitor_instances(InstanceIds=[id])
    else:
      monitor = ec2.unmonitor_instances(InstanceIds=[id])

The lambda function gets executed when an alarm is in active state.

I am getting error as,
[ERROR] ClientError: An error occurred (UnauthorizedOperation) when calling the MonitorInstances operation: You are not authorized to perform this operation.

I have full ec2 access, still not able to execute these commands. Do I need any specific role for this or are these commands outdated?

Can you suggest any other command which can be executed in lambda function to get the instance name using the instance id?

Accepted Answer

The sample code you're given isn't really applicable in Lambda (because there isn't a `sys.argv[0]` to reference) - but I'm going to assume that it isn't the actual code you're using.

What is in the variable `id` - have you checked to make sure that it is a valid instance id and it is an instance id that you own?

Second, if your account is part of an Organization could the permissions be denied by a Service Control Policy?

Otherwise, the [IAM troubleshooting guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html) might be of assistance.

ec2.monitor_instances() operation giving unauthorize error.

Relevant content