Bosh - IAM profile config


William C Penrod
 

My current micro and full bosh aws installs are using static keys. I am working to get the IAM profile keys to work but hitting a few bumps.

The micro bosh is using static keys. I updated the full bosh to use the IAM profile and the credentials source, updated the bosh release, aws_cpi, and the stemcell and deployed.

The aws_cpi job's credentials on the full bosh are null. In checking further, there is no IAM profile attached to the ec2 instance, so if I understand this correctly, the box cannot pull the aws meta-data from the profile. The profile can only be attached when the ec2 instance is first created and the stemcell update should provide that opportunity.

Under resource_pool:
iam_instance_profile: profile_name

Under aws:
credentials_source: env_or_profile
default_iam_instance_profile: profile_name

Is there another configuration I am missing to add the IAM profile to my ec2 instance?
Do I need to deploy the full bosh from an IAM profile enabled micro/director bosh to get the profile added?

Bosh: 208
Bosh_aws_cpi: 31
Stemcell: hvm 3087


Danny Berger <dpb587@...>
 

If the micro is the one creating the full bosh, make sure the micro is
running a recent enough CPI version with the IAM support - it needs to know
to use the `resource_pools[*].cloud_properties.iam_instance_profile`
property when creating your full bosh EC2 instances.

You do not need to deploy the full bosh from an EC2 instance which has an
IAM profile, but you do still need to make sure micro's static key has the
requisite `iam:PassRole` permission (I believe you'll see an AccessDenied
AWS API response if this piece is misconfigured).

On Thu, Nov 5, 2015 at 2:47 PM, William C Penrod <wcpenrod(a)gmail.com> wrote:

> My current micro and full bosh aws installs are using static keys. I am
> working to get the IAM profile keys to work but hitting a few bumps.
>
> The micro bosh is using static keys. I updated the full bosh to use the
> IAM profile and the credentials source, updated the bosh release, aws_cpi,
> and the stemcell and deployed.
>
> The aws_cpi job's credentials on the full bosh are null. In checking
> further, there is no IAM profile attached to the ec2 instance, so if I
> understand this correctly, the box cannot pull the aws meta-data from the
> profile. The profile can only be attached when the ec2 instance is first
> created and the stemcell update should provide that opportunity.
>
> Under resource_pool:
> iam_instance_profile: profile_name
>
> Under aws:
> credentials_source: env_or_profile
> default_iam_instance_profile: profile_name
>
> Is there another configuration I am missing to add the IAM profile to my
> ec2 instance?
> Do I need to deploy the full bosh from an IAM profile enabled
> micro/director bosh to get the profile added?
>
> Bosh: 208
> Bosh_aws_cpi: 31
> Stemcell: hvm 3087
--
Danny Berger
http://dpb587.me
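The two settings Danny describes live in different places of the director manifest, and it is easy to put `iam_instance_profile` at the wrong level. The fragment below is an added example written for this page, not a manifest from the thread or from the BOSH project; it shows the static-key configuration beside the instance-profile one. The profile name `bosh-director-profile`, the region, zone, key name and security group are placeholders, and everything outside the `aws` properties and the resource pool's `cloud_properties` has been trimmed.

```yaml
# Added example: trimmed director manifest, not the original poster's file.
# Placeholders: bosh-director-profile, us-east-1, us-east-1a, key/sg names.

# --- BEFORE: long-lived static keys in the manifest -------------------------
# properties:
#   aws:
#     credentials_source: static
#     access_key_id: AKIA...            # sits in the manifest and on disk
#     secret_access_key: "..."
#     region: us-east-1

# --- AFTER: credentials come from the EC2 instance profile ------------------
resource_pools:
- name: vms
  network: private
  stemcell:
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: latest
  cloud_properties:
    instance_type: m3.xlarge
    availability_zone: us-east-1a
    # Note the level: under cloud_properties, not directly under the pool.
    # This is applied by the CPI that CREATES the VM (the micro in this
    # thread), so that CPI must be new enough to honor the key, and the
    # credentials it runs with need iam:PassRole on the underlying role.
    iam_instance_profile: bosh-director-profile

properties:
  aws:
    # No keys in the manifest: the CPI on the director VM fetches
    # short-lived credentials from the instance metadata service.
    credentials_source: env_or_profile
    # Profile this director's CPI will attach to VMs it creates in turn.
    default_iam_instance_profile: bosh-director-profile
    region: us-east-1
    default_key_name: bosh
    default_security_groups: [bosh]
```

The `iam:PassRole` grant for the micro's static key should name the role behind `bosh-director-profile` as its resource rather than `*`, otherwise that key can attach any role in the account to an instance it launches. If the profile still does not appear on the VM after a redeploy, the quickest check is an `ec2:DescribeInstances` call on the new instance: an empty `IamInstanceProfile` field means the creating CPI never sent the property, while an AccessDenied on `RunInstances` in the CPI log points at the missing `iam:PassRole`.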


William C Penrod
 

That did it. I updated the micro bosh with a stemcell that included the aws_cpi gem >= 2.0.2 and then deployed a stemcell update to the full bosh. The full bosh instances are now associated with an IAM role.