Why am I receiving an error when I try to create an Amazon EC2 Auto Scaling lifecycle hook?

Last updated: 2019-05-09

I'm receiving a validation error when I try to create an Amazon Elastic Compute Cloud (Amazon EC2) Auto Scaling lifecycle hook. The error reads "Unable to publish test message to notification target" or "Please check your target and role configuration and try to put lifecycle hook again." How do I troubleshoot these errors?

Short Description

To publish a message to the Amazon Simple Queue Service (SQS), the lifecycle hook's AWS Identity and Access Management (IAM) role must:

  • Be different from the IAM role assigned to the instance
  • Have a trust policy attached for the Auto Scaling service
  • Include specific managed policy actions
  • Be associated with the Auto Scaling group

Resolution

1.    Confirm that you've created an IAM role for the lifecycle hook that's different from the IAM role you've assigned to the instance.

2.    Be sure that the IAM role for the lifecycle hook has a trust policy attached for the Auto Scaling service.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "autoscaling.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

3.    Verify that the managed policy for the lifecycle hook's IAM role includes the following actions:
sqs:SendMessage
sqs:GetQueueUrl
sns:Publish

Important: Your target is an SQS queue and not an Amazon Simple Notification Service (Amazon SNS) resource. However, you must still include the sns:Publish action to publish a message to the SQS queue.

4.    In the AWS Command Line Interface (AWS CLI), run the aws autoscaling put-lifecycle-hook command.

5.    Run the command below to confirm that the lifecycle hook is associated with the Auto Scaling group.

aws autoscaling describe-lifecycle-hooks --auto-scaling-group-name "ExampleSQSQueueName"

Did this article help you?

Anything we could improve?


Need more help?