instance_profiles
Creates, updates, deletes or gets an instance_profile resource or lists instance_profiles in a region
Overview
Name | instance_profiles |
Type | Resource |
Description | Creates a new instance profile. For information about instance profiles, see [Using instance profiles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html). For information about the number of instance profiles you can create, see [object quotas](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) in the *User Guide*. |
Id | aws.iam.instance_profiles |
Fields
Name | Datatype | Description |
---|---|---|
path | string | The path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the *IAM User Guide*. This parameter is optional. If it is not included, it defaults to a slash (/). This parameter allows (through its [regex pattern](http://wikipedia.org/wiki/regex)) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters. |
roles | array | The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions. |
instance_profile_name | string | The name of the instance profile to create. This parameter allows (through its [regex pattern](http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- |
arn | string | |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | Roles, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all instance_profiles in a region.
```sql
SELECT
  region,
  path,
  roles,
  instance_profile_name,
  arn
FROM aws.iam.instance_profiles;
```
Gets all properties from an individual instance_profile.
```sql
SELECT
  region,
  path,
  roles,
  instance_profile_name,
  arn
FROM aws.iam.instance_profiles
WHERE data__Identifier = '<InstanceProfileName>';
```
INSERT example
Use the following StackQL query and manifest file to create a new instance_profile resource, using stack-deploy.
Required Properties
```sql
/*+ create */
INSERT INTO aws.iam.instance_profiles (
  Roles,
  region
)
SELECT
  '{{ Roles }}',
  '{{ region }}';
```
All Properties
```sql
/*+ create */
INSERT INTO aws.iam.instance_profiles (
  Path,
  Roles,
  InstanceProfileName,
  region
)
SELECT
  '{{ Path }}',
  '{{ Roles }}',
  '{{ InstanceProfileName }}',
  '{{ region }}';
```
Manifest
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: instance_profile
    props:
      - name: Path
        value: '{{ Path }}'
      - name: Roles
        value:
          - '{{ Roles[0] }}'
      - name: InstanceProfileName
        value: '{{ InstanceProfileName }}'
```
DELETE example
```sql
/*+ delete */
DELETE FROM aws.iam.instance_profiles
WHERE data__Identifier = '<InstanceProfileName>'
AND region = 'us-east-1';
```
Permissions
To operate on the instance_profiles resource, the following permissions are required:
Create
iam:CreateInstanceProfile,
iam:PassRole,
iam:AddRoleToInstanceProfile,
iam:GetInstanceProfile
Read
iam:GetInstanceProfile
Update
iam:PassRole,
iam:RemoveRoleFromInstanceProfile,
iam:AddRoleToInstanceProfile,
iam:GetInstanceProfile
Delete
iam:GetInstanceProfile,
iam:RemoveRoleFromInstanceProfile,
iam:DeleteInstanceProfile
List
iam:ListInstanceProfiles
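The permission sets above can be used to review an identity policy before it is attached to the principal that runs these queries. The following is an added example, not part of the StackQL documentation or provider code: it reports which required actions a policy does not allow for each operation, and flags `iam:PassRole` granted on `Resource: "*"`. The function names and the sample policy are constructed for illustration, and the check assumes a plain identity policy, ignoring `Deny`, `NotAction`, `Condition` and permission boundaries.

```python
from fnmatch import fnmatchcase

# Action sets copied from the Permissions section of this page.
REQUIRED = {
    "Create": ["iam:CreateInstanceProfile", "iam:PassRole",
               "iam:AddRoleToInstanceProfile", "iam:GetInstanceProfile"],
    "Read": ["iam:GetInstanceProfile"],
    "Update": ["iam:PassRole", "iam:RemoveRoleFromInstanceProfile",
               "iam:AddRoleToInstanceProfile", "iam:GetInstanceProfile"],
    "Delete": ["iam:GetInstanceProfile", "iam:RemoveRoleFromInstanceProfile",
               "iam:DeleteInstanceProfile"],
    "List": ["iam:ListInstanceProfiles"],
}

# Constructed sample policy; the account ID and role name are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["iam:Get*", "iam:ListInstanceProfiles",
                    "iam:CreateInstanceProfile", "iam:AddRoleToInstanceProfile"]},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::111122223333:role/example-app-role"},
    ],
}

def _as_list(value):
    """Statement, Action and Resource may each be a single item or a list."""
    return list(value) if isinstance(value, list) else [value]

def _allows(policy):
    """Yield (lower-cased action patterns, resources) per Allow statement."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            yield ([a.lower() for a in _as_list(stmt.get("Action", []))],
                   _as_list(stmt.get("Resource", [])))

def missing_actions(policy):
    """For each operation, list the required actions no Allow statement covers."""
    patterns = [p for actions, _ in _allows(policy) for p in actions]
    return {op: [a for a in acts
                 if not any(fnmatchcase(a.lower(), p) for p in patterns)]
            for op, acts in REQUIRED.items()}

def unscoped_passrole(policy):
    """True if some Allow statement grants iam:PassRole on Resource '*'."""
    return any("*" in resources
               and any(fnmatchcase("iam:passrole", p) for p in actions)
               for actions, resources in _allows(policy))
```

With the sample policy, Create, Read and List are fully covered, Update and Delete are not, and `iam:PassRole` is scoped to a single role ARN rather than `*`.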