Problem Description:
EC2 backup jobs fail with a validation error regarding the instanceProfileName.
Traceback
"status_message": "1 validation error detected: Value at 'instanceProfileName' failed to satisfy constraint: Member must satisfy regular expression pattern: [\\w+=,.@-]+"
Root Cause
When CloudRanger initiates a backup, it may spin up a temporary worker instance. If the source EC2 instance (e.g., a backup gateway) is associated with an IAM Instance Profile whose name contains disallowed characters, the AWS API rejects the request.
AWS requires Instance Profile names to follow a specific regular expression: [\w+=,.@-]+. Common culprits for this failure include:
Spaces (the most frequent cause)
Special symbols like brackets
(), slashes/, or asterisks*
Resolution Steps
To resolve this issue and prevent it from affecting other instances, ensure all Instance Profile names are AWS-compliant.
1. Identify the Non-Compliant Profile
Log in to the AWS Management Console.
Navigate to the EC2 Dashboard and select the affected instance.
Under the Details tab, locate the IAM Role.
Note: In many cases, the Instance Profile name is identical to the IAM Role name. Check if this name contains spaces or unsupported symbols.
2. Create a Compliant IAM Role/Profile
If the current name is invalid, you must create or use a profile with a compliant name:
Go to the IAM Console > Roles.
Create a new Role (or use an existing one) that uses only alphanumeric characters and allowed symbols:
+,=,,,.,@,-, or_(underscore).Ensure there are no spaces.
3. Attach the New Profile to the Instance
Return to the EC2 Console.
Select the affected instance.
Click Actions > Security > Modify IAM Role.
Select the newly created, compliant IAM Role from the dropdown and click Update IAM Role.
4. Verify the Backup
Return to Druva CloudRanger.
Manually trigger a backup for the instance to confirm the
ValidationErroris resolved.