Question:
I am trying to launch an AWS EMR Cluster from the AWS Console, and am getting the following error:
    Failed to provision ec2 instances because 'IAM Instance Profile "arn:aws:iam::553706642095:instance-profile/EMR_EC2_DefaultRole" has no associated IAM Roles
Anyone know what this means and how to resolve it?
The following is the role policy:
    {
      "Statement": [
        {
          "Action": [
            "cloudwatch:*",
            "dynamodb:*",
            "ec2:Describe*",
            "elasticmapreduce:Describe*",
            "rds:Describe*",
            "s3:*",
            "sdb:*",
            "sns:*",
            "sqs:*"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ]
    }
Its trust policy document is:
    {
      "Version": "2008-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
Answer:
I finally resolved this issue. This was confusing because the instance-profile and the role use the same name by default. Full steps outlined below, but you may be able to skip various steps.
- Create default roles (if error, downgrade to awscli version 1.10.30):
    aws emr create-default-roles
- Create instance profile if it doesn’t already exist:
    aws iam create-instance-profile --instance-profile-name EMR_EC2_DefaultRole
- Verify that instance profile exists but doesn’t have any roles:
    aws iam get-instance-profile --instance-profile-name EMR_EC2_DefaultRole
- Add the role using:
    aws iam add-role-to-instance-profile --instance-profile-name EMR_EC2_DefaultRole --role-name EMR_EC2_DefaultRole
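
The verification step above can be automated. The following is an added example, not part of the original answer: it parses the JSON printed by `aws iam get-instance-profile` and reports whether the profile has no role, the wrong role, or a role whose trust policy does not let `ec2.amazonaws.com` assume it. The finding codes, function names and sample JSON (placeholder account ID) are assumptions made for illustration.

```python
import json
import sys

def _as_list(value):
    """IAM policy fields may be a single item or a list."""
    return value if isinstance(value, list) else [value]

def ec2_can_assume(trust_policy):
    """True if an Allow statement lets ec2.amazonaws.com call sts:AssumeRole."""
    for stmt in _as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in _as_list(stmt.get("Action", []))
                and "ec2.amazonaws.com" in services):
            return True
    return False

def diagnose(profile_json, expected_role):
    """Return finding codes for `aws iam get-instance-profile` JSON output."""
    profile = json.loads(profile_json)["InstanceProfile"]
    roles = profile.get("Roles", [])
    if not roles:
        return ["NO_ROLE"]           # the state behind the EMR error above
    findings = []
    role = roles[0]                  # an instance profile holds at most one role
    if role["RoleName"] != expected_role:
        findings.append("WRONG_ROLE")
    if not ec2_can_assume(role.get("AssumeRolePolicyDocument", {})):
        findings.append("TRUST_NOT_EC2")
    return findings

# Constructed sample outputs (account ID and ARNs are placeholders).
TRUST = {"Version": "2008-10-17", "Statement": [{"Sid": "", "Effect": "Allow",
         "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}
EMPTY_PROFILE = json.dumps({"InstanceProfile": {
    "InstanceProfileName": "EMR_EC2_DefaultRole",
    "Arn": "arn:aws:iam::111122223333:instance-profile/EMR_EC2_DefaultRole",
    "Roles": []}})
FIXED_PROFILE = json.dumps({"InstanceProfile": {
    "InstanceProfileName": "EMR_EC2_DefaultRole",
    "Arn": "arn:aws:iam::111122223333:instance-profile/EMR_EC2_DefaultRole",
    "Roles": [{"RoleName": "EMR_EC2_DefaultRole", "AssumeRolePolicyDocument": TRUST}]}})

if __name__ == "__main__":
    # Usage: aws iam get-instance-profile --instance-profile-name NAME | python3 check.py ROLE
    data = sys.stdin.read() if len(sys.argv) > 1 else EMPTY_PROFILE
    role = sys.argv[1] if len(sys.argv) > 1 else "EMR_EC2_DefaultRole"
    print(diagnose(data, role) or "OK")
```

An empty result means the profile carries the expected role and EC2 is allowed to assume it; `NO_ROLE` is the condition that `add-role-to-instance-profile` resolves.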