0

I am trying to activate the AWS ec2 instance at ssm manager using the boto3 api call however its failing with regex error.

Issue is already raised at https://github.com/aws/aws-sdk-js/issues/2748 but no proper solution found

response = client.create_activation(DefaultInstanceName='my-instance-name', 
                                   IamRole='arn:aws:iam::xxxxxxx:role/my-role-name')

Traceback (most recent call last): File "", line 1, in File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 320, in _api_call return self._make_api_call(operation_name, kwargs) File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 623, in _make_api_call raise error_class(parsed_response, operation_name) botocore.exceptions.ClientError: An error occurred (ValidationException) when calling the CreateActivation operation: 1 validation error detected: Value 'arn:aws:iam::xxxxxxxx:role/my-role-name' at 'iamRole' failed to satisfy constraint: Member must satisfy regular expression pattern: ^[\p{L}\p{N}+=,.@-_/]*$

Though i have copied the IAM Role ARN.

I really appreciate if anybody has a solution for this..

Improve this question
0

1 Answer 1

Reset to default
0

IamRole parameter expects name of the role, not ARN. You should replace arn:aws:iam::xxxxxxx:role/my-role-name with my-role-name.

response = client.create_activation(DefaultInstanceName='my-instance-name',
                                    IamRole='my-role-name')
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

I tried this before posting this question however no luck. Below is the output for you. return self._make_api_call(operation_name, kwargs) File "/usr/local/lib/python2.7/dist-packages/botocore/client.py", line 623, in _make_api_call raise error_class(parsed_response, operation_name) botocore.exceptions.ClientError: An error occurred (ValidationException) when calling the reateActivation operation: Not existing role: arn:aws:iam::xxxxxxx:role/my-role-name.
Are you sure that you role name is correct and that there is proper trust relationship configured between your role and the service? Note that if there is no trust between them then it will not work.
Could you please how to elaborate your suggestion or any links where i could configure the trust relationship as i haven't come across this in aws docs.
Go to IAM service -> roles -> select the role that you are referencing -> select trust relationship tab -> see trusted entities -> ssm service should be trusted. Also see docs.aws.amazon.com/directoryservice/latest/admin-guide/…

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.