Error: aws:ec2:errors (InvalidParameterValue / UnauthorizedOperation)

Symptom

When attempting to bring up a cluster after configuring AWS IAM Roles for use in Qubole an error message is returned with one of the following phrases:

  • AWS::EC2::Errors::UnauthorizedOperation
  • AWS::EC2::Errors::InvalidParameterValue

Cause

When creating AWS IAM policies and roles via the Web Interface the same "name" will be given to both the Role ARN and Instance Profile ARN. This will be the result when following the directions as stated in the Qubole Documentation:

http://docs.qubole.com/en/latest/user-guide/features/control-panel/create-iam-roles.html

If an alternative method such as CloudFormation is used then this will not be the case and an AWS::EC2::Errors::InvalidParameterValue error will be thrown. Details on this behavior specified in the thread on the AWS forums:

https://forums.aws.amazon.com/thread.jspa?threadID=241690

If the policies are not configured as per the link specified above then an AWS::EC2::Errors::UnauthorizedOperation error will be thrown since the Qubole policy does not have the correct permissions to launch EC2 instances. 

Action

Confirm that the configuration is configured as described in the Qubole Documentation:

http://docs.qubole.com/en/latest/user-guide/features/control-panel/create-iam-roles.html

If using CloudFormation configure the following components manually:

  • IAM Role
  • Instance Profile
  • Trust Membership
  • Cross-Account Policy
Have more questions? Submit a request

Comments

Powered by Zendesk