Instance Profiles

Create an Instance Profile

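The example below creates an instance profile named EC2InstanceProfile and adds the SSMEC2RoleEpic IAM role to it. The policy_documents and iamroles variables are included to show the dependencies the instance profile requires: the profile refers to the role by its key, and the role refers to its assume-role policy document by its key.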

policy_documents = {
    ssm_ec2 = {
        statement = [{
            principals = {
                identifiers = ["ec2.amazonaws.com"]
            }
            actions = ["sts:AssumeRole"]
        }]
    }
}

iamroles = {
    SSMEC2RoleEpic = {
        policies = [
            "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
            "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess"
        ]
        assume_role_policy = "ssm_ec2"
    }
}

instanceprofiles = {
    EC2InstanceProfile = {
        role = "SSMEC2RoleEpic"
    }
}

Reference an Existing Instance Profile

The example below references an existing instance profile named DAEA-SHARED-MAIN-EPIC-ComputeStack-EPICAW1KPR001InstanceProfileB1181F51-6k1ztuITzaIz. The key in the map object (EC2InstanceProfile) is the name used to reference the instance profile in other parts of the tfvars configuration.

instanceprofiles = {
    EC2InstanceProfile = {
        name = "DAEA-SHARED-MAIN-EPIC-ComputeStack-EPICAW1KPR001InstanceProfileB1181F51-6k1ztuITzaIz"
        existing = true
    }
}
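
The dependency chain in both sections above can be checked before a plan is run. The following is an added example, not part of this module: it assumes the three tfvars maps have already been loaded into Python dicts (the sample dicts are a constructed mirror of the first example), and the function names lint and ec2_can_assume are hypothetical.

```python
# Added example: lint cross-references between the tfvars maps (constructed sample data).
POLICY_DOCUMENTS = {
    "ssm_ec2": {"statement": [{
        "principals": {"identifiers": ["ec2.amazonaws.com"]},
        "actions": ["sts:AssumeRole"],
    }]},
}
IAMROLES = {
    "SSMEC2RoleEpic": {
        "policies": [
            "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
            "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess",
        ],
        "assume_role_policy": "ssm_ec2",
    },
}
INSTANCEPROFILES = {"EC2InstanceProfile": {"role": "SSMEC2RoleEpic"}}


def ec2_can_assume(doc):
    """True if any statement lets ec2.amazonaws.com call sts:AssumeRole."""
    return any(
        "sts:AssumeRole" in st.get("actions", [])
        and "ec2.amazonaws.com" in st.get("principals", {}).get("identifiers", [])
        for st in doc.get("statement", [])
    )


def lint(instanceprofiles, iamroles, policy_documents):
    """Return a list of findings; an empty list means every reference resolves."""
    findings = []
    for key, prof in instanceprofiles.items():
        if prof.get("existing"):
            if not prof.get("name"):
                findings.append(f"{key}: existing = true but no name given")
            continue
        role = iamroles.get(prof.get("role"))
        if role is None:
            findings.append(f"{key}: role {prof.get('role')!r} not in iamroles")
            continue
        doc = policy_documents.get(role.get("assume_role_policy"))
        if doc is None:
            findings.append(f"{key}: assume_role_policy "
                            f"{role.get('assume_role_policy')!r} not in policy_documents")
        elif not ec2_can_assume(doc):
            findings.append(f"{key}: trust policy does not let ec2.amazonaws.com assume the role")
    return findings

print(lint(INSTANCEPROFILES, IAMROLES, POLICY_DOCUMENTS) or "ok")
```

A role whose trust policy does not name ec2.amazonaws.com can still be placed in an instance profile, but instances launched with it will not receive credentials, which is why the check treats that as a finding.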