[Issue report]Misuse of iaminstanceprofile in aws_ec2_iaminstance.json due to missing EC2InstanceProfile object #1365
Comments
xiaoen-liu
changed the title
|
@xiaoen-liu - Thanks for reporting, this is a valid issue. To make sure I understand, the current model is but it should be this instead: Is this right? |
|
Yes, without having the IamInstanceProfile as a separate model, it's not possible to correctly establish the node relationships between EC2 Instances and IAM Roles. |
|
I would like to further clarify the cause of this confusion. The creation of an AWS Instance Profile and the binding of an Instance Profile to an IAM Role are two separate API calls: However, the AWS Console design makes it appear as though the instance profile name and the IAM role name are identical, which leads to confusion. This issue becomes more pronounced when using Infrastructure as Code (IaC) tools like Terraform, CloudFormation, or CDK, where instance profile names and IAM role names are often completely different. This discrepancy can cause significant issues in environments where IaC is used to manage AWS resources, making it important to properly model the distinction between instance profiles and IAM roles. |
Title: Misuse of iaminstanceprofile in aws_ec2_iaminstance.json due to missing EC2InstanceProfile object
Description:
The misuse happens because Cartography does not currently create a separate EC2InstanceProfile object, leading to incorrect modeling of the relationship between EC2 Instances and IAM Roles.
Expected behavior:
A separate EC2InstanceProfile object should be created and properly linked to EC2 Instances.
The relationship between the EC2InstanceProfile and its associated IAM Role should be accurately represented, avoiding the incorrect assumption about the name correlation.
[optional Relevant Links:]
The text was updated successfully, but these errors were encountered: