AWS::IAM::InstanceProfile - AWS CloudFormation
SyntaxPropertiesReturn valuesExamplesSee also

AWS::IAM::InstanceProfile

Creates a new instance profile. For information about instance profiles, see Using instance profiles.

For information about the number of instance profiles you can create, see IAM object quotas in the IAM User Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::IAM::InstanceProfile",
  "Properties" : {
      "InstanceProfileName" : String,
      "Path" : String,
      "Roles" : [ String, ... ]
    }
}

YAML

Type: AWS::IAM::InstanceProfile
Properties: 
  InstanceProfileName: String
  Path: String
  Roles: 
    - String

Properties

InstanceProfileName

The name of the instance profile to create.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Required: No

Type: String

Minimum: 1

Maximum: 128

Pattern: [\w+=,.@-]+

Update requires: Replacement

Path

The path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide.

This parameter is optional. If it is not included, it defaults to a slash (/).

This parameter allows (through its regex pattern) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! (\u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.

Required: No

Type: String

Minimum: 1

Maximum: 512

Pattern: (\u002F)|(\u002F[\u0021-\u007F]+\u002F)

Update requires: Replacement

Roles

The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.

Required: Yes

Type: List of String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:

{ "Ref": "MyProfile" }

For the AWS::IAM::InstanceProfile resource with the logical ID MyProfile, Ref returns the name of the instance profile.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

Returns the Amazon Resource Name (ARN) for the instance profile. For example:

{"Fn::GetAtt" : ["MyProfile", "Arn"] }

This returns a value such as arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ.

Examples

IAM Instance Profile

In this example, the InstanceProfile resource refers to the role by specifying its name, "MyRole".

JSON

{
   "AWSTemplateFormatVersion": "2010-09-09",
   "Resources": {
      "MyInstanceProfile": {
         "Type": "AWS::IAM::InstanceProfile",
         "Properties": {
            "Path": "/",
            "Roles": [ {
               "Ref": "MyRole"
            } ]
         }
      }
   }
}

YAML

AWSTemplateFormatVersion: "2010-09-09"
Resources: 
  MyInstanceProfile: 
    Type: "AWS::IAM::InstanceProfile"
    Properties: 
      Path: "/"
      Roles: 
        - 
          Ref: "MyRole"

See also