CloudFormation LaunchTemplate referencing IamInstanceProfile fails to create

April 2019

1

I am trying to create a LaunchTemplate, which references an IamInstanceProfile, in my CloudFormation stack. Here is the code; I have omitted the irrelevant parts:

    ...
    Resources:
      ServerLaunchTemplate:
        Type: 'AWS::EC2::LaunchTemplate'
        Properties:
          LaunchTemplateData:
            InstanceType: !Ref InstanceType
            SecurityGroups:
              - !Ref SecGroup
            IamInstanceProfile: !Ref ServerProfile
            UserData:
              ...
      ServerProfile:
        Type: 'AWS::IAM::InstanceProfile'
        Properties:
          Path: /
          Roles:
            - !Ref ServerRole
    ...

The ServerProfile gets created successfully. However, when the stack creation process reaches the step of creating the ServerLaunchTemplate, it fails with the error:

Property validation failure: [Value of property {/LaunchTemplateData/IamInstanceProfile} does not match type {Object}]

If I omit the reference to the IamInstanceProfile, the LaunchTemplate gets created successfully.

According to the documentation and some examples this should work... Based on the error, I understand that the InstanceType field of the LaunchTemplate needs to reference an object, but "!Ref InstanceType" returns the resource id.

How can I fix this? How could I retrieve the object that is presumably required by the "/LaunchTemplateData/IamInstanceProfile" field?

Thank you

1 answer

3

Easy to miss in the docs: IamInstanceProfile requires an IamInstanceProfile Cloudformation object with the Arn of the referenced IamInstanceProfile being a property of it.

See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-launchtemplatedata.html#cfn-ec2-launchtemplate-launchtemplatedata-iaminstanceprofile and https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-launchtemplate-iaminstanceprofile.html.

This should work:

  PortalLaunchTemplate:
    Type: 'AWS::EC2::LaunchTemplate'
    Properties:
      LaunchTemplateName: !Sub ${InstanceName}-launch-template
      LaunchTemplateData:
        ImageId: !Ref AmiId
        ...
        IamInstanceProfile:
          Arn: !GetAtt InstanceProfile.Arn
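
A pre-deploy check for the mistake discussed in this thread, as an added example that is not part of the original question or answer: it reads the JSON form of a template (where `!Ref X` is written `{"Ref": "X"}`) and flags any launch template whose `IamInstanceProfile` is not an object with `Arn` or `Name`. The function names and the `FixedLaunchTemplate` resource are hypothetical, and the sample template is constructed from the question's resource names.

```python
import json

# Constructed sample: the question's template rendered as JSON, where
# "!Ref X" becomes {"Ref": "X"}. FixedLaunchTemplate is a hypothetical addition.
SAMPLE = json.loads("""
{"Resources": {
  "ServerLaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {
    "LaunchTemplateData": {"IamInstanceProfile": {"Ref": "ServerProfile"}}}},
  "FixedLaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {
    "LaunchTemplateData": {"IamInstanceProfile":
      {"Arn": {"Fn::GetAtt": ["ServerProfile", "Arn"]}}}}},
  "ServerProfile": {"Type": "AWS::IAM::InstanceProfile",
    "Properties": {"Path": "/", "Roles": [{"Ref": "ServerRole"}]}}
}}
""")

ALLOWED_KEYS = {"Arn", "Name"}  # sub-properties of a launch template's IamInstanceProfile


def is_intrinsic(value):
    """True for a lone intrinsic call such as {"Ref": ...} or {"Fn::GetAtt": ...}."""
    if not isinstance(value, dict) or len(value) != 1:
        return False
    key = next(iter(value))
    return key == "Ref" or key.startswith("Fn::")


def check_launch_templates(template):
    """Return (logical_id, message) for each malformed IamInstanceProfile."""
    findings = []
    resources = template.get("Resources", {})
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::EC2::LaunchTemplate":
            continue
        data = res.get("Properties", {}).get("LaunchTemplateData", {})
        if "IamInstanceProfile" not in data:
            continue
        prop = data["IamInstanceProfile"]
        if is_intrinsic(prop) or not isinstance(prop, dict):
            # An intrinsic resolves to a scalar (Ref on a profile gives its name).
            target = prop.get("Ref") if isinstance(prop, dict) else None
            hint = ""
            if resources.get(target, {}).get("Type") == "AWS::IAM::InstanceProfile":
                hint = f"; use Arn: !GetAtt {target}.Arn"
            findings.append((logical_id, "IamInstanceProfile must be an object" + hint))
        elif not prop or set(prop) - ALLOWED_KEYS:
            findings.append((logical_id, "IamInstanceProfile accepts only Arn or Name"))
    return findings
```

Run against the sample, `check_launch_templates(SAMPLE)` reports only `ServerLaunchTemplate`, the resource written the way the question wrote it.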