Faisal,
Just to confirm that the IAM Instance Profile itself is set up correctly,
are you able to successfully launch an EC2 instance with this IAM Role
outside of Ansible, such as using the AWS Console?
-Baraa
On Wednesday, June 25, 2014 at 2:42:25 AM UTC-4, Faisal Ali Rabbani wrote:
>
> I am trying to create EC2 instance via ansible using IAM roles but I
> while launching new instance I get error
>
> failed: [localhost] => (item= IAMRole-1) => {"failed": true, "item": "
> IAMRole-1"}
> msg: Instance creation failed => UnauthorizedOperation: You are not
> authorized to perform
> this operation. Encoded authorization failure message:
> Ckcjt2GD81D5dlF6XakTSDypnwrgeQb0k
> ouRMKh3Ol1jue553EZ7OXPt6fk1Q1-4HM-tLNPCkiX7ZgJWXYGSjHg2xP1A9LR7KBiXYeCtFKEQIC
> W9cot3KAKPVcNXkHLrhREMfiT5KYEtrsA2A-xFCdvqwM2hNTNf7Y6VGe0Z48EDIyO5p5DxdNFsaSChUcb
> iRUhSyRXIGWr_ZKkGM9GoyoVWCBk3Ni2Td7zkZ1EfAIeRJobiOnYXKE6Q
>
> whereas iam role has full ec2 access, with following policy
>
> {
> "Version": "2012-10-17",
> "Statement": [
> {
> "Action": "ec2:*",
> "Effect": "Allow",
> "Resource": "*"
> },
> {
> "Effect": "Allow",
> "Action": "elasticloadbalancing:*",
> "Resource": "*"
> },
> {
> "Effect": "Allow",
> "Action": "cloudwatch:*",
> "Resource": "*"
> },
> {
> "Effect": "Allow",
> "Action": "autoscaling:*",
> "Resource": "*"
> }
> ]
> }
>
> Any suggestions please.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/c564e50d-20fe-4614-a6ea-227f9d8ba035%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
