How do I resolve the error "The association iip-assoc-xxxxxxxx is not the active association" on my EC2 instance?

Last updated: 2021-01-27

I'm receiving the following error message on my Amazon Elastic Compute Cloud (Amazon EC2) instance while updating the instance profile:

"The association iip-assoc-xxxxxxxx is not the active association"

How do I resolve this error?

Short description

This error usually occurs when you attempt to update the instance profile while a previous disassociation is still unfulfilled by the API. You can use the AWS Command Line Interface (AWS CLI) to identify if an unfulfilled disassociation is causing the error, and to correct the issue.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.

Resolution

1.    Run the following command to identify the instance profile associations for the instance:

aws ec2 describe-iam-instance-profile-associations --filters "Name=instance-id,Values=i-xxxxxxxxxxxxxxxxx">

The command output has multiple associations, each with a unique association ID (AssociationID) and status (State). Some of the associations are in the associating state and some are in the disassociating state, as shown in the following example output:

{
"IamInstanceProfileAssociations": [
  {
    "AssociationId": "iip-assoc-xxxxxxxxxxxxxxxx",
    "InstanceId": "i-xxxxxxxxxxxxxxxx",
    "IamInstanceProfile": {
      "Arn": "arn:aws:iam::xxxxxxxxxx:instance-profile/xxxxxxx",
      "Id": "xxxxxxxxxxxxxxxxxx"
     },
    "State": "disassociating"
  },
 {
    "AssociationId": "iip-assoc-xxxxxxxxxxxxxxxx",
    "InstanceId": "i-xxxxxxxxxxxxxxxx",
    "IamInstanceProfile": {
      "Arn": "arn:aws:iam::xxxxxxxxxxxx:instance-profile/xxxxxxxxx",
      "Id": "xxxxxxxxxxxxxxxx"
     },
    "State": "associating"
  }
 ]
}

2.    Run the following command to disassociate all the association IDs, including those in associating and disassociating states. Replace iip-assoc-xxxxxxxxxxxxxxxxxx with the appropriate association-id.

aws ec2 disassociate-iam-instance-profile --association-id iip-assoc-xxxxxxxxxxxxxxxxxx

3.    After disassociating all association IDs, try updating the instance profile again.