Replaces an IAM instance profile for the specified running instance. You can use this action to change the IAM instance profile that’s associated with an instance without having to disassociate the existing IAM instance profile first.
Use DescribeIamInstanceProfileAssociations to get the association ID.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
replace-iam-instance-profile-association
--iam-instance-profile <value>
--association-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]
--iam-instance-profile
(structure)
The IAM instance profile.
Arn -> (string)
The Amazon Resource Name (ARN) of the instance profile.
Name -> (string)
The name of the instance profile.
Shorthand Syntax:
Arn=string,Name=string
JSON Syntax:
{
"Arn": "string",
"Name": "string"
}
--association-id
(string)
The ID of the existing IAM instance profile association.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
--cli-auto-prompt
(boolean)
Automatically prompt for CLI input parameters.
See ‘aws help’ for descriptions of global parameters.
To replace an IAM instance profile for an instance
This example replaces the IAM instance profile represented by the association iip-assoc-060bae234aac2e7fa
with the IAM instance profile named AdminRole
.
aws ec2 replace-iam-instance-profile-association \
--iam-instance-profile Name=AdminRole \
--association-id iip-assoc-060bae234aac2e7fa
Output:
{
"IamInstanceProfileAssociation": {
"InstanceId": "i-087711ddaf98f9489",
"State": "associating",
"AssociationId": "iip-assoc-0b215292fab192820",
"IamInstanceProfile": {
"Id": "AIPAJLNLDX3AMYZNWYYAY",
"Arn": "arn:aws:iam::123456789012:instance-profile/AdminRole"
}
}
}
IamInstanceProfileAssociation -> (structure)
Information about the IAM instance profile association.
AssociationId -> (string)
The ID of the association.
InstanceId -> (string)
The ID of the instance.
IamInstanceProfile -> (structure)
The IAM instance profile.
Arn -> (string)
The Amazon Resource Name (ARN) of the instance profile.
Id -> (string)
The ID of the instance profile.
State -> (string)
The state of the association.
Timestamp -> (timestamp)
The time the IAM instance profile was associated with the instance.