Creates a new instance profile. For information about instance profiles, see Using instance profiles.
For information about the number of instance profiles you can create, see IAM object quotas in the IAM User Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
"Type" : "AWS::IAM::InstanceProfile",
"Properties" : {
"InstanceProfileName" : String,
"Path" : String,
"Roles" : [ String, ... ]
}
}
YAML
Type: AWS::IAM::InstanceProfile
Properties:
InstanceProfileName: String
Path: String
Roles:
- String
Properties
InstanceProfileName-
The name of the instance profile to create.
This parameter allows (through its regex pattern
) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- Required: No
Type: String
Pattern:
[\w+=,.@-]+Minimum:
1Maximum:
128Update requires: Replacement
Path-
The path to the instance profile. For more information about paths, see IAM Identifiers in the IAM User Guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
This parameter allows (through its regex pattern
) a string of characters consisting of either a forward slash (/) by itself or a string that must begin and end with forward slashes. In addition, it can contain any ASCII character from the ! ( \u0021) through the DEL character (\u007F), including most punctuation characters, digits, and upper and lowercased letters.Required: No
Type: String
Pattern:
(\u002F)|(\u002F[\u0021-\u007E]+\u002F)Minimum:
1Maximum:
512Update requires: Replacement
Roles-
The name of the role to associate with the instance profile. Only one role can be assigned to an EC2 instance at a time, and all applications on the instance share the same role and permissions.
Required: Yes
Type: Array of String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource name. For example:
{ "Ref": "MyProfile" }
For the AWS::IAM::InstanceProfile resource with the logical ID
MyProfile, Ref returns the name of the instance profile.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Arn-
Returns the Amazon Resource Name (ARN) for the instance profile. For example:
{"Fn::GetAtt" : ["MyProfile", "Arn"] }This returns a value such as
arn:aws:iam::1234567890:instance-profile/MyProfile-ASDNSDLKJ.
Examples
IAM Instance Profile
In this example, the InstanceProfile resource refers to the role by specifying its name, "MyRole".
JSON
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"MyInstanceProfile": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Path": "/",
"Roles": [ {
"Ref": "MyRole"
} ]
}
}
}
} YAML
AWSTemplateFormatVersion: "2010-09-09"
Resources:
MyInstanceProfile:
Type: "AWS::IAM::InstanceProfile"
Properties:
Path: "/"
Roles:
-
Ref: "MyRole"
See also
-
CreateInstanceProfile in the AWS Identity and Access Management API Reference
