no possibility to set iam_instance_profile for the spot fleet request as a global setting

[TattiQ]

Hi guys,

Apologies if it's something simple, I am new to Terraform.
I have been testing the resource "aws_spot_fleet_request" . The goal is to automate the creation of spot instance requests using terraform. Interesting observation - one can specify iam_instance_profile in the launch_specification for the instances (and then the iam role for the instance is set just fine) , but it will not be visible in the spot instances request settings

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.
Terraform version: 0.11.7

Affected Resource(s)

Please list the resources as a list, for example:
resource "aws_spot_fleet_request"

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

Debug Output

Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.
Neither DEBUG nor TRACE logging showed anything out of the ordinary

Panic Output

If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the crash.log.
no panic

Expected Behavior

What should have happened?
if one creates a request manually, once it's fulfilled the properties look like this

Note IAM role is filled in.

Actual Behavior

What actually happened?

No IAM role, but the instances have the IAM role assigned (since launch config contained it)

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

resource "aws_sws_spot_fleet_request" "cheap_compute" {
  iam_fleet_role      = "arn:aws:iam::xxxxxxxxxxxxxx:role/ec2-spot-fleet"
  spot_price          = "0.888"
  allocation_strategy = "lowestPrice"
  target_capacity     = 2
  terminate_instances_with_expiration = true
  valid_until         = "2019-05-04T07:44:20Z"


  launch_specification {
    instance_type     = "c3.xlarge"
    ami               = "ami-61d1f333"
    vpc_security_group_ids   = ["sg-ec545678"]
    iam_instance_profile = "jenkins-slave"
    spot_price        = "0.239"
    key_name          = "key"
    subnet_id         = "subnet-03456d51"
    availability_zone = "eu-west-1b"
    user_data = "${data.template_file.ec2-spot-userdata.rendered}"

    root_block_device {
      volume_size = "300"
      volume_type = "gp2"
    }

    tags {
      Name = "spot-fleet-terraform"
    }
  }

Important Factoids

Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• Make aws_iam_policy_attachment warning less opaque #1234

[saravanan30erd]

PR #4511

[bflad]

@TattiQ can you please describe more about where the jenkins-slave IAM instance profile is coming from? e.g.

• Are you positive an IAM instance profile is attached to the IAM role?
• Is the instance profile in the same account? In v1.19.0 of the AWS provider you'll be able to specify iam_instance_profile_arn for a cross-account instance profile
• Is the instance profile being created at the same time as the Spot Fleet Request?

[takenoko-str]

I have the same issue. Maybe, I find a way to solve this issue.

# add aws_iam_instance_profile
data "aws_iam_instance_profile" "sample" {
  name = "your_role"
}
....
  launch_specification {
    # doesn't work
    # iam_instance_profile        = "${data.aws_iam_instance_profile.sample.role_name}"
    # work fine
    iam_instance_profile_arn        = "${data.aws_iam_instance_profile.sample.arn}"
  }

• version

$ terraform -v
Terraform v0.11.7
+ provider.aws v1.19.0
+ provider.template v1.0.0

[bflad]

The fix for this (#4591) should be in v1.20.0 of the AWS provider, releasing later this week.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!