UpdateManagedInstanceRole - AWS Systems Manager
Request SyntaxRequest ParametersResponse ElementsErrorsExamplesSee Also

UpdateManagedInstanceRole

Changes the AWS Identity and Access Management (IAM) role that is assigned to the on-premises server, edge device, or virtual machines (VM). IAM roles are first assigned to these hybrid nodes during the activation process. For more information, see CreateActivation.

Request Syntax

{
   "IamRole": "string",
   "InstanceId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

IamRole

The name of the AWS Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the AWS Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid and multicloud environment in the AWS Systems Manager User Guide.

Note

You can't specify an IAM service-linked role for this parameter. You must create a unique role.

Type: String

Length Constraints: Maximum length of 64.

Required: Yes

InstanceId

The ID of the managed node where you want to update the role.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 124.

Pattern: (^mi-[0-9a-f]{17}$)|(^eks_c:[0-9A-Za-z][A-Za-z0-9\-_]{0,99}_\w{17}$)

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServerError

An error occurred on the server side.

HTTP Status Code: 500

InvalidInstanceId

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • AWS Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of UpdateManagedInstanceRole.

Sample Request

POST / HTTP/1.1
Host: ssm.us-east-2.amazonaws.com
Accept-Encoding: identity
X-Amz-Target: AmazonSSM.UpdateManagedInstanceRole
Content-Type: application/x-amz-json-1.1
User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12
X-Amz-Date: 20200325T191724Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20200325/us-east-2/ssm/aws4_request,
SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE
Content-Length: 56

{
    "InstanceId": "mi-0ce084dd39EXAMPLE",
    "IamRole": "SSM"
}

Sample Response

{}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: