AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

Unable to use 'service-role/xxx' when calling `createActivation`

0

I use aws-sdk-js to create activation, here is the code:

const AWS = require('aws-sdk');
const ssm = getSSM({ region: 'us-east-1' });
ssm.createActivation({
  IamRole: 'service-role/AmazonEC2RunCommandRoleForManagedInstances'
}, (...args) => console.log(args));

And I got the following error:

{ ValidationException: 1 validation error detected: Value 'service-role/AmazonEC2RunCommandRoleForManagedInstances' at 'iamRole' failed to satisfy constraint: Member must satisfy regular expression pattern: ^[\p{L}\p{N}+=,.@\-_]*$
      at Request.extractError (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/protocol/json.js:51:27)
      at Request.callListeners (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
      at Request.emit (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
      at Request.emit (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/request.js:683:14)
      at Request.transition (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/request.js:22:10)
      at AcceptorStateMachine.runTo (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/state_machine.js:14:12)
      at /tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/state_machine.js:26:10
      at Request.<anonymous> (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/request.js:38:9)
      at Request.<anonymous> (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/request.js:685:12)
      at Request.callListeners (/tetrascience/ts-service-datahub/node_modules/aws-sdk/lib/sequential_executor.js:116:18)
    message:
     '1 validation error detected: Value \'service-role/AmazonEC2RunCommandRoleForManagedInstances\' at \'iamRole\' failed to satisfy constraint: Member must satisfy regular expression pattern: ^[\\p{L}\\p{N}+=,.@\\-_]*$',
    code: 'ValidationException',
    time: 2019-06-28T15:12:53.630Z,
    requestId: '4f10020c-8acd-470c-ade3-89d2046bb07c',
    statusCode: 400,
    retryable: false,
    retryDelay: 4.082470922819459 }

I created an issue at aws-sdk-js repo: https://github.com/aws/aws-sdk-js/issues/2748 , and I was told that the regex validation error comes from the server side.

Based on the reference of AWS SSM API, there is no regex pattern constraint on the IamRole parameter. (https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateActivation.html) Why does the server returns a regex error?

주제
관리 및 거버넌스
태그
AWS 시스템 관리자
언어
English
cdai
질문됨 5년 전301회 조회
3개 답변
0

Hi there, this is a known bug recently introduced in our validation, and a fix is rolling out (should be relatively fast, but I can't guarantee any specific timeline).

In the meantime, to unblock yourself, you can use the steps outlined here https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-service-role.html in order to create a role that doesn't contain the problematic 'service-role/' portion.

AWS-User-9635423
답변함 5년 전
0

Thank you for the update!

cdai
답변함 5년 전
0

Glad to help! I believe this issue should be resolved by now.

AWS-User-9635423
답변함 5년 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠