iam_instance_profile not updating roles

[salliewalecka]

Terraform Version

v0.9.11

Affected Resource(s)

iam_instance_profile

Terraform Configuration Files

resource "aws_iam_instance_profile" "instance-profile" {
  name = "test-eb-instance-profile"
  role = "${aws_iam_role.test-role.name}"
}

Debug Output

• 2017-07-27 18:25:22.125 +0000 UTC () : The instance profile test-eb-instance-profile associated with the environment has no role. Please attach a role to the instance profile.
• 2017-07-27 18:25:22.254 +0000 UTC () : Failed to launch environment.

Expected Behavior

When using role attribute, the instance profile should have a role. e.g.

{
    "InstanceProfileId": "***********", 
    "Roles": [
        {
            "AssumeRolePolicyDocument": {
                "Version": "2012-10-17", 
                "Statement": [
                    {
                        "Action": "sts:AssumeRole", 
                        "Principal": {
                            "Service": "ec2.amazonaws.com"
                        }, 
                        "Effect": "Allow", 
                        "Sid": ""
                    }
                ]
            }, 
            "RoleId": "***********", 
            "CreateDate": "2017-07-27T16:47:16Z", 
            "RoleName": "test-eb-instance-role", 
            "Path": "/", 
            "Arn": "arn:aws:iam::***********:role/test-eb-instance-role"
        }
    ], 
    "CreateDate": "2017-07-27T14:32:58Z", 
    "InstanceProfileName": "test-eb-instance-profile", 
    "Path": "/", 
    "Arn": "arn:aws:iam::***********:instance-profile/test-eb-instance-profile"
}

Actual Behavior

When using role attribute, the instance profile had an empty array.

{
    "InstanceProfileId": "************", 
    "Roles": [], 
    "CreateDate": "2017-07-27T14:32:58Z", 
    "InstanceProfileName": "test-eb-instance-profile", 
    "Path": "/", 
    "Arn": "arn:aws:iam::1*********"
} 

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. Create an iam_instance_profile with roles
2. Terraform apply
3. Change iam_instance_profile to role (because roles is deprecated)
4. Terraform apply
5. See error: The instance profile ______ associated with the environment has no role. Please attach a role to the instance profile.

Workaround

Go back to using roles even though it is deprecated.

resource "aws_iam_instance_profile" "instance-profile" {
  name = "test-eb-instance-profile"
  roles = ["${aws_iam_role.instance-role.name}"]
}

[peterromfeldhk]

same with Terraform v0.10.2
thanks for the workaround!

[redbaron]

Happens with terraform-provider-aws 0.10 too. Thanks for workaround!

[charsyam]

Happens with Terraform v0.11.7, provider.aws v1.17.0 too.
Thanks for workaround!

[ryndaniels]

Hi @salliewalecka - Thanks for taking the time to submit this issue. I had a look at this with the most recent versions of Terraform and the AWS Provider (0.12.13 and 2.38.0 respectively, at the moment) and was unable to reproduce this behavior - changing from roles to role worked as expected without error. We’re going to close this issue for now, but if you run into this again with the latest Terraform and Provider versions, please feel free to open a new issue. 🙂

[peteroneilljr]

Thanks for the work-around!! I've been stuck on this problem all day.

terraform -v                         
Terraform v0.12.17
+ provider.aws v2.31.0
+ provider.template v2.1.2

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!