AWS EC2 instance create via Ansible IAM Roles instance_profile_name UnauthorizedOperation: Error

Archives Ansible Project
1

I am trying to create EC2 instance via ansible using IAM roles but I while launching new instance I get error

failed: [localhost] => (item= IAMRole-1) => {"failed": true, "item": " IAMRole-1"}
msg: Instance creation failed => UnauthorizedOperation: You are not authorized to perform
this operation. Encoded authorization failure message: Ckcjt2GD81D5dlF6XakTSDypnwrgeQb0k
ouRMKh3Ol1jue553EZ7OXPt6fk1Q1-4HM-tLNPCkiX7ZgJWXYGSjHg2xP1A9LR7KBiXYeCtFKEQIC
W9cot3KAKPVcNXkHLrhREMfiT5KYEtrsA2A-xFCdvqwM2hNTNf7Y6VGe0Z48EDIyO5p5DxdNFsaSChUcb
iRUhSyRXIGWr_ZKkGM9GoyoVWCBk3Ni2Td7zkZ1EfAIeRJobiOnYXKE6Q

whereas iam role has full ec2 access, with following policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "elasticloadbalancing:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "cloudwatch:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:*",
      "Resource": "*"
    }
  ]
}

Any suggestions please.

2

Are you showing the credentials of the role you are using to create
the EC2 instance or those of the role the new EC2 instance will be?

3

Obviously I have not shared credentials this is the policy of role, which has full access of ec2.

4

Sorry, I wasn't clear. Are you showing the policy rules of the role
being created or the one doing the creation? It's the permissions of
the one doing the creation (not the one being attached to the new EC2
instance) that matters.

5

thanks Micheal for response.
It is the policy doing the creation.

6

Hi!

I am trying to create EC2 instance via ansible using IAM roles but I while launching new instance I get error

Did you figure it out?

7

Faisal,

Just to confirm that the IAM Instance Profile itself is set up correctly, are you able to successfully launch an EC2 instance with this IAM Role outside of Ansible, such as using the AWS Console?

-Baraa