iam_instance_profile behavior when creating aws_instance #16374

Closed
schmidlop opened this issue Oct 17, 2017 · 2 comments

@schmidlop

Terraform Version

Terraform v0.10.7

Terraform Configuration Files

resource "aws_instance" "just-docker" {
  ami                  = "${data.aws_ami.just-docker-ami.id}"
  instance_type        = "t2.micro"
  key_name             = "aws_terraform_deployment_key"
  iam_instance_profile = "S3DockerImageAccess"
  tags = {
    Name = "just-docker"
  }
}

Expected Behavior

I was expecting the IAM role corresponding to the iam_instance_profile to be assigned to the instance.

Actual Behavior

terraform apply failed with message:
Error launching source instance: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message:...

Steps to Reproduce

  1. terraform init
  2. terraform apply

Important Factoids

My credentials are in ~/.aws/credentials
The IAM Role does not have permissions to create EC2 instances.
The IAM role grants permissions to read and write a specific S3 bucket to be used as storage for a Docker registry.
Seems the role is being used to create the instance, rather than my AWS credentials. If I remove the iam_instance_profile attribute, everything is fine except the resulting EC2 instance is not assigned an IAM Role.

Seems like there should be a way to assign an IAM Role to an instance that doesn't have full permissions to EC2...
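
An added example, not part of the original issue or the Terraform project's code: when `aws_instance` sets `iam_instance_profile`, the credentials running `terraform apply` must be allowed `iam:PassRole` on the profile's role, and a missing grant is one cause of `UnauthorizedOperation` at launch. The policy below grants only that; the `deployer_user_name` variable, the policy name, and the assumption that the role is also named `S3DockerImageAccess` are not from the issue.

```hcl
# Added example. Names marked "assumed" do not come from the issue.

variable "deployer_user_name" {
  description = "IAM user whose keys are in ~/.aws/credentials (assumed)"
  type        = string
}

# Look up the role behind the instance profile. Assumes the role shares the
# profile's name, as it does for roles created for EC2 in the AWS console.
data "aws_iam_role" "docker_registry" {
  name = "S3DockerImageAccess"
}

# Let the deployer hand this one role to EC2 and nothing else:
# - resources is the single role ARN, not "*"
# - iam:PassedToService stops the role being passed to other services
data "aws_iam_policy_document" "pass_registry_role" {
  statement {
    sid       = "PassRegistryRoleToEC2Only"
    effect    = "Allow"
    actions   = ["iam:PassRole"]
    resources = [data.aws_iam_role.docker_registry.arn]

    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["ec2.amazonaws.com"]
    }
  }
}

# Attach the grant to the deploying user. The S3 role itself still needs
# no EC2 permissions; it only has to be passable by this user.
resource "aws_iam_user_policy" "deployer_pass_role" {
  name   = "pass-s3-docker-image-access" # assumed policy name
  user   = var.deployer_user_name
  policy = data.aws_iam_policy_document.pass_registry_role.json
}
```

This has to be applied by a principal that can already manage IAM user policies. The encoded failure message in the error can be decoded with `aws sts decode-authorization-message` to confirm which action was denied.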

@hashibot
Contributor

This issue has been automatically migrated to hashicorp/terraform-provider-aws#1976 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to this issue and let us know.

@ghost

ghost commented Apr 6, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 6, 2020