AmazonSSMDirectoryServiceInstanceProfileRole

If you try to launch a Directory Service administration EC2 instance, it takes you to a page with some input parameters. One of them says: “IAM instance profile name. By Default, if no instance profile exists with the name AmazonSSMDirectoryServiceInstanceProfileRole, an instance profile with the name AmazonSSMDirectoryServiceInstanceProfileRole will be created.”

However, depending on your environment, you might not be able to let it create this on your behalf, in which case you need to create it manually or offer an alternative role with equivalent permissions. Googling this role name finds no AWS documentation about it, but you can inspect the associated SSM Document (AWS-CreateDSManagementInstance) and you’ll find that it requires two managed policies AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess, and an AssumeRole trust relationship to ec2.amazonaws.com. SSM Documents are not fun to wade through, so hopefully this helps someone else out there save some time.

Posted in AWS

•   LinkedIn
•  Twitter
•   Facebook
•   AngelList
•   Stack Overflow
•  SlideShare
•  GitHub
•  Colnect

• Student Loan Bill Tracker
• The Anomaly Response Network
• The Mars Society
• Coca-Cola Scholars Foundation
• TechStars
• Leukemia & Lymphoma Society
• Cystic Fibrosis Foundation
• PRISM
• Free Bikes 4 Kidz
• Cincinnati Works
• Cincinnati Youth Collaborative

• Feeney Genealogy Project

Reading:

The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations

by Gene Kim

It Doesn't Have to Be Crazy at Work

by Jason Fried

Zero to One: Notes on Startups, or How to Build the Future

by Peter Thiel

Creativity, Inc.: Overcoming the Unseen Forces That Stand in the Way of True Inspiration

by Ed Catmull