Re: [boto-users] Alarm Action "Terminate EC2 Instance" failed

45 views
Skip to first unread message

Mitchell Garnaat

unread,
May 14, 2013, 3:06:35 PM5/14/13
to boto-users
I haven't actually tried to terminate an instance with an alarm yet but it is my understanding that as long as the account or IAM user that created the alarm has been granted the ability to execute the TerminateInstance request, it should work.

Are you certain that the credentials that are used when you are creating the event have been granted the necessary access?

Mitch


On Tue, May 14, 2013 at 2:20 AM, Tom L <tl...@washtec.de> wrote:
Hello, 

when I start a certain type of instance the userdata-script creates a metric + alarm via Boto.
The metric delivers its data to CloudWatch correctly.
The alarm should terminate the instance as an action if some condition based on the metric matches.
In CloudWatch the alarm seems to be created correctly and it switches the alarm-states as desired.

BUT:
When it comes to execute the action it fails with the following "history" entry:
  • Alarm updated from OK to ALARM. Reason: Threshold Crossed: 5 datapoints were greater than the threshold (200.0). The most recent datapoints: http://999.0, 999.0.
  • arn:aws:automate:eu-west-1:ec2:terminate is in progress.
  • Terminate EC2 Instance 'i-xxx' action failed. AWS was not able to validate the provided access credentials.



I've already granted the policy "AdministratorAccess" to the "userdata"-Role which is attached to the instance.

Any hints?

Regards 
Tom

--
You received this message because you are subscribed to the Google Groups "boto-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to boto-users+...@googlegroups.com.
To post to this group, send email to boto-...@googlegroups.com.
Visit this group at http://groups.google.com/group/boto-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Tom L

unread,
May 14, 2013, 3:23:34 PM5/14/13
to boto-...@googlegroups.com, mi...@garnaat.com
Hi Mitch,

Which right would that be? Is this a right that has to be set explicitly?
I'm pretty sure that the policy "AdministratorAccess" has all necessary rights to terminate an EC2 instance.

Regards
Tom
Reply all
Reply to author
Forward
0 new messages