How do I resolve the error "The association iip-assoc-xxxxxxxx is not the active association" on my EC2 instance?

2 minute read

I'm receiving the following error message on my Amazon Elastic Compute Cloud (Amazon EC2) instance while updating the instance profile: "The association iip-assoc-xxxxxxxx is not the active association" How do I resolve this error?

Short description

This error usually occurs when you attempt to update the instance profile while a previous disassociation is still unfulfilled by the API. You can use the AWS Command Line Interface (AWS CLI) to identify if an unfulfilled disassociation is causing the error, and to correct the issue.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.

Resolution

1. Run the following command to identify the instance profile associations for the instance:

aws ec2 describe-iam-instance-profile-associations --filters "Name=instance-id,Values=i-xxxxxxxxxxxxxxxxx"

The command output has multiple associations, each with a unique association ID (AssociationID) and status (State). Some of the associations are in the associating state and some are in the disassociating state, as shown in the following example output:

{
"IamInstanceProfileAssociations": [
  {
    "AssociationId": "iip-assoc-xxxxxxxxxxxxxxxx",
    "InstanceId": "i-xxxxxxxxxxxxxxxx",
    "IamInstanceProfile": {
      "Arn": "arn:aws:iam::xxxxxxxxxx:instance-profile/xxxxxxx",
      "Id": "xxxxxxxxxxxxxxxxxx"
     },
    "State": "disassociating"
  },
 {
    "AssociationId": "iip-assoc-xxxxxxxxxxxxxxxx",
    "InstanceId": "i-xxxxxxxxxxxxxxxx",
    "IamInstanceProfile": {
      "Arn": "arn:aws:iam::xxxxxxxxxxxx:instance-profile/xxxxxxxxx",
      "Id": "xxxxxxxxxxxxxxxx"
     },
    "State": "associating"
  }
 ]
}

2. Run the following command to disassociate all the association IDs, including those in associating and disassociating states. Replace iip-assoc-xxxxxxxxxxxxxxxxxx with the appropriate association-id.

aws ec2 disassociate-iam-instance-profile --association-id iip-assoc-xxxxxxxxxxxxxxxxxx

3. After disassociating all association IDs, try updating the instance profile again.

Note: If the error persists after following the resolution steps, stop and start the instance. Then, run the disassociate-iam-instance-profile command again. Be aware that data stored in instance store volumes is lost when you stop the instance. Before stopping the instance, review the list of the effects of stopping an instance.

Related information

Using instance profiles

How do I attach or replace an instance profile on an Amazon EC2 instance?

Topics

Compute

Relevant content

Elastic Beanstalk: How do I change the application associated with my environment?
Eric
asked 5 months ago
I get a generic "An error occurred while attempting to create the stack". How do I troubleshoot this?
Accepted Answer
bbaronas
asked 7 months ago
How I can increase the Integration association limit for the Amazon Connect instance?
AWS-User-8471608
asked 2 years ago
One of the Elastic IPs associated with my running instance is not working, while the other is working.
DTS
asked 2 months ago
The instance profile aws-elasticbeanstalk-ec2-role associated with the environment does not exist.
Fred Jones
asked a year ago
How do I determine the active SSL security policy associated with my ELB listener using the AWS CLI?
AWS OFFICIALUpdated 2 years ago
How do I resolve the error "An error occurred (TargetNotConnectedException) when calling the ExecuteCommand operation" in Amazon ECS?
AWS OFFICIALUpdated 2 years ago
How do I resolve the error ‘The security token included in the request is expired’ when running Java applications on Amazon EC2?
AWS OFFICIALUpdated 2 years ago
How do I resolve the "ErrorPortAllocation" error on my NAT gateway in Amazon VPC?
AWS OFFICIALUpdated 6 months ago
Why do I get an error "The snapshot is currently in use by AMI" when I try to delete an EBS snapshot, even though there is no AMI on the account?
EXPERT
dnyanesh-db
published 4 months ago