Attaches an instance Resource Access Management (RAM) role to one or more Elastic Compute Service (ECS) instances. An instance can have only a single instance RAM role. If an instance already has an instance RAM role, an error is returned when you attach another instance RAM role to the instance.
Debugging
Authorization information
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
RegionId | string | Yes | The region ID. You can call the DescribeRegions operation to query the most recent region list. | cn-hangzhou |
RamRoleName | string | Yes | The name of the instance RAM role. You can call the ListRoles operation provided by RAM to query the instance RAM roles that you created. | testRamRoleName |
InstanceIds | string | Yes | The IDs of the instances. The value can be a JSON array that consists of up to 100 instance IDs. Separate the IDs with commas (,). | [“i-bp14ss25xca5ex1u****”, “i-bp154z5o1qjalfse****”, “i-bp10ws62o04ubhvi****”…] |
Policy | string | No | The policy. The policy document must be 1 to 1,024 characters in length. When you attach an instance RAM role to one or more instances, you can specify an additional policy to further limit the permissions of the role. For more information, see Policy overview. | {"Statement": [{"Action": ["*"],"Effect": "Allow","Resource": ["*"]}],"Version":"1"} |
Response parameters
Examples
Sample success responses
JSON
format
{
"RamRoleName": "testRamRoleName",
"RequestId": "D9553E4C-6C3A-4D66-AE79-9835AF705639",
"TotalCount": 1,
"FailCount": 0,
"AttachInstanceRamRoleResults": {
"AttachInstanceRamRoleResult": [
{
"Code": "200",
"Message": "success",
"InstanceId": "i-bp10ws62o04ubhvi****",
"Success": true
}
]
}
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidInstanceIds.Malformed | The specified instanceIds are not valid. | Multiple specified instance IDs are invalid. |
403 | InvalidNetworkType.MismatchRamRole | Ram role cannot be applied to instances of Classic network type. | Instance RAM roles can be used only for instances of the VPC type, not for instances of the classic network type. |
403 | InvalidUser.PassRoleForbidden | The RAM user does not have the privilege to pass a RAM role. | The RAM user is not authorized to pass a RAM role. |
404 | InvalidInstanceId.NotFound | The specified instanceId does not exist. | The specified instance does not exist. |
404 | InvalidRamRole.NotFound | The specified RAMRoleName does not exist. | The specified RamRoleName parameter does not exist. |
404 | InvalidRamRole.NotEcsRole | The specified ram role is not authorized for ecs, please check your role policy. | The specified RAM role is not authorized to use ECS. Check your role policies. |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation | ||||||||
---|---|---|---|---|---|---|---|---|---|---|
2023-07-10 | The Error code has changed | see changesets | ||||||||
|