I am trying to attach an existing role created in AWS, but I am not able to add it in Terraform code. I tried to add the role in an instance profile, but it didn't work for me either.
Is there any direct way to add it in the resource in Terraform code?
iam_instance_profile = "my-role"
my-role has full access to EC2.
iam_instance_profile = "my-role"
is the correct way to assign an IAM instance profile to an instance. It is likely you do not have the permissions to assign an instance profile. Make sure whoever is running the Terraform script has iam:PassRole permission. It is often overlooked.
See: Granting a User Permissions to Pass a Role
I followed the process which @helloV mentioned in the previous post for using the existing role in terraform/cfn.
Step 1: Create a new custom policy and add the following content.
    {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Action": [
          "iam:GetRole",
          "iam:PassRole"
        ],
        "Resource": "arn:aws:iam::<account-id>:role/<role-name>"
      }]
    }
In the above JSON snippet, change the account-id and role-name accordingly.
Step 2: Attach the newly created custom policy to the existing IAM role.
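An added example, not part of either answer above: a Terraform sketch that wraps the existing role in an instance profile, attaches it to an instance, and renders an iam:PassRole policy for the identity running Terraform, limited to this one role and to EC2. The variable names, the profile name, the instance type and the AMI input are assumptions.

```hcl
# Assumed inputs: the role name from the question and a caller-supplied AMI ID.
variable "role_name" {
  type    = string
  default = "my-role"
}

variable "ami_id" {
  type = string # placeholder: supply an AMI that exists in your region
}

# Look up the role that already exists in the account (not managed here).
data "aws_iam_role" "existing" {
  name = var.role_name
}

# EC2 attaches instance profiles, not roles, so the role needs a profile.
# A role created in the console for EC2 normally already has a same-named
# profile; in that case pass that name to the instance and drop this resource.
resource "aws_iam_instance_profile" "this" {
  name = "${var.role_name}-profile" # hypothetical name
  role = data.aws_iam_role.existing.name
}

resource "aws_instance" "example" {
  ami                  = var.ami_id
  instance_type        = "t3.micro" # assumed size
  iam_instance_profile = aws_iam_instance_profile.this.name
}

# Policy for the identity that runs Terraform. PassRole is scoped to the one
# role ARN and to EC2 as the receiving service, so it cannot hand the role to
# another service. GetRole stays in its own statement because the
# iam:PassedToService key is only present on PassRole requests.
data "aws_iam_policy_document" "pass_role" {
  statement {
    actions   = ["iam:GetRole"]
    resources = [data.aws_iam_role.existing.arn]
  }
  statement {
    actions   = ["iam:PassRole"]
    resources = [data.aws_iam_role.existing.arn]
    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ec2.amazonaws.com"]
    }
  }
}
```

Reference `data.aws_iam_policy_document.pass_role.json` wherever the policy is created. An AccessDenied error naming iam:PassRole during apply indicates that the identity running Terraform lacks this permission on the role.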