From 824fe13bd5f52d6de5fc438ca023de78d526aada Mon Sep 17 00:00:00 2001 From: kiddom-kq <72228610+kiddom-kq@users.noreply.github.com> Date: Fri, 26 Feb 2021 12:15:15 -0800 Subject: [PATCH] Update index.mdx While trying to get packer to: 1. Assume a role 2. use `auto` price for spot instances 2. Assign an instance profile to the provisioned instance, I hit this error: ``` The provided credentials do not have permission to create the service-linked role for EC2 Spot Instances. ``` Adding the `iam:CreateServiceLinkedRole` entitlement to the role that packer assumes was all I needed to do. --- website/content/docs/builders/amazon/index.mdx | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/website/content/docs/builders/amazon/index.mdx b/website/content/docs/builders/amazon/index.mdx index f439d4439..011137154 100644 --- a/website/content/docs/builders/amazon/index.mdx +++ b/website/content/docs/builders/amazon/index.mdx @@ -257,6 +257,17 @@ work, but specifics will depend on your use-case. } ``` +If using an existing instance profile with spot instances/spot pricing, the `iam:CreateServiceLinkedRole` action is also required: + +```json +{ + "Sid": "PackerIAMPassRole", + "Effect": "Allow", + "Action": ["iam:PassRole", "iam:GetInstanceProfile", "iam:CreateServiceLinkedRole"], + "Resource": ["*"] +} +``` + In case when you're creating a temporary instance profile you will require to have following IAM policies.
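Review bot: In the added JSON statement, `iam:CreateServiceLinkedRole` is granted on `"Resource": ["*"]` in the same statement as `iam:PassRole`, so the documented policy allows the role Packer assumes to create a service-linked role for any service, while the error quoted in the commit message concerns only the one for EC2 Spot Instances. Suggest moving the action into its own statement (the `PackerIAMPassRole` Sid no longer describes the combined actions) and restricting it with an `iam:AWSServiceName` condition set to `spot.amazonaws.com`. The sentence above the block could also say that the action is only exercised while the account does not yet have the Spot service-linked role, so readers whose account already has it know they can omit the permission.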