
There is an AWS EC2 instance which is launched by an auto-scaling-group. I wish to put this instance into the Pending state during initialization.

This is very easy with the lifecycle hooks:


This hook will wait 3600 seconds before abandoning the instance.

I wish to call aws autoscaling complete-lifecycle-action on the EC2 instance being initialized; however, I always got:

Unable to locate credentials. You can configure credentials by running "aws configure".

Then I found out that I can create an IAM Role, which I can then attach to the EC2 instance; however, that is not working either:

Role has been defined as below:


However when I choose the modify IAM role on a running instance:


How could I manage to send back the complete-lifecycle-action from the EC2 instance in the easiest and most secure way? (I.e., I wish to give it permission only to send back this message; I wish the role not to contain any permission for scaling in/out, modifying ASG details, etc.)

Daniel

1 Answer


For your first problem, "Unable to locate credentials. You can configure credentials by running "aws configure".":

You need to configure your CLI credentials by running "aws configure". Once you get that set up correctly, you should be able to run any AWS CLI commands.

It's a bit different when using IAM roles. You need to create a new role, attach the correct policies, and add trust relationships. Then you'll want to create an automation using EventBridge to capture the outputs (token, instanceid, etc.) and pass that to an SSM or Lambda to complete the lifecycle hook.

https://docs.aws.amazon.com/autoscaling/ec2/userguide/warm-pool-events-eventbridge-rules.html

Tony
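One way to scope the instance role the question asks for, as an added example that is not part of the original question or answer: a role policy that allows only autoscaling:CompleteLifecycleAction on a single Auto Scaling group, plus the call made from the instance. The region, account id, group, hook and role names are placeholders, and the helper function names are made up for this sketch.

```shell
#!/usr/bin/env bash
# Added example. Region, account id, group, hook and role names are placeholders.

# Trust policy: lets the EC2 service assume the role on behalf of the instance.
trust_policy() {
  cat <<'EOF'
{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
EOF
}

# Permissions policy: one action, one Auto Scaling group. The group's UUID
# segment is wildcarded because it is only known after the group exists.
lifecycle_policy() {   # usage: lifecycle_policy REGION ACCOUNT_ID ASG_NAME
  local region=$1 account=$2 asg=$3
  case $account in ''|*[!0-9]*) return 1 ;; esac   # digits only
  [ "${#account}" -eq 12 ] || return 1              # AWS account ids are 12 digits
  case $asg in ''|*'*'*|*'?'*) return 1 ;; esac     # refuse wildcard group names
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "autoscaling:CompleteLifecycleAction",
    "Resource": "arn:aws:autoscaling:${region}:${account}:autoScalingGroup:*:autoScalingGroupName/${asg}"
  }]
}
EOF
}

# Admin side (run once, with credentials allowed to manage IAM).
provision_role() {     # usage: provision_role ROLE REGION ACCOUNT_ID ASG_NAME
  aws iam create-role --role-name "$1" --assume-role-policy-document "$(trust_policy)" &&
  aws iam put-role-policy --role-name "$1" --policy-name complete-lifecycle-only \
    --policy-document "$(lifecycle_policy "$2" "$3" "$4")" &&
  aws iam create-instance-profile --instance-profile-name "$1" &&
  aws iam add-role-to-instance-profile --instance-profile-name "$1" --role-name "$1"
}

# Instance side (end of the init script): read the instance id over IMDSv2, then
# release the hook. The CLI picks up the role credentials from instance metadata.
complete_hook() {      # usage: complete_hook REGION ASG_NAME HOOK_NAME [CONTINUE|ABANDON]
  local token id
  token=$(curl -sf -X PUT "http://169.254.169.254/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  id=$(curl -sf -H "X-aws-ec2-metadata-token: $token" \
    "http://169.254.169.254/latest/meta-data/instance-id") || return 1
  aws autoscaling complete-lifecycle-action --region "$1" \
    --auto-scaling-group-name "$2" --lifecycle-hook-name "$3" \
    --instance-id "$id" --lifecycle-action-result "${4:-CONTINUE}"
}
```

The instance profile created by provision_role still has to be referenced in the group's launch template or launch configuration so that new instances start with the role attached.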