UpdateManagedInstanceRole - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

UpdateManagedInstanceRole

Changes the Amazon Identity and Access Management (IAM) role that is assigned to the on-premises server, edge device, or virtual machines (VM). IAM roles are first assigned to these hybrid nodes during the activation process. For more information, see CreateActivation.

Request Syntax

{ "IamRole": "string", "InstanceId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

IamRole

The name of the Amazon Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid and multicloud environment in the Amazon Systems Manager User Guide.

Note

You can't specify an IAM service-linked role for this parameter. You must create a unique role.

Type: String

Length Constraints: Maximum length of 64.

Required: Yes

InstanceId

The ID of the managed node where you want to update the role.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 124.

Pattern: (^mi-[0-9a-f]{17}$)|(^eks_c:[0-9A-Za-z][A-Za-z0-9\-_]{0,99}_\w{17}$)

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServerError

An error occurred on the server side.

HTTP Status Code: 500

InvalidInstanceId

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of UpdateManagedInstanceRole.

Sample Request

POST / HTTP/1.1 Host: ssm.us-east-2.amazonaws.com Accept-Encoding: identity X-Amz-Target: AmazonSSM.UpdateManagedInstanceRole Content-Type: application/x-amz-json-1.1 User-Agent: aws-cli/1.17.12 Python/3.6.8 Darwin/18.7.0 botocore/1.14.12 X-Amz-Date: 20200325T191724Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20200325/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE Content-Length: 56 { "InstanceId": "mi-0ce084dd39EXAMPLE", "IamRole": "SSM" }

Sample Response

{}

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: