aws_instance creation failed due to missed IAM role #4306

Closed
partamonov opened this issue Dec 14, 2015 · 3 comments


Rather often I'm getting an aws_instance creation error because it is pointing to a profile with empty roles.
The version is 0.6.8, and I have seen this before.
Error message:

Error applying plan:

1 error(s) occurred:

* aws_instance.vm: Error launching source instance: InvalidParameterValue: IAM Instance Profile "arn:aws:iam::xxxxx:instance-profile/development" has no associated IAM Roles
        status code: 400, request id:

What I have:
An IAM module with the following inside:

resource "aws_iam_instance_profile" "development" {
...
  roles = ["${aws_iam_role.development.name}"]
}

some 
resource "aws_iam_role_policy" "sns" {
    name = "default_sns"
    role = "${aws_iam_role.development.id}"
...
}

resource "aws_iam_role" "development" {
...
}

output "profile" {
  value = "${aws_iam_instance_profile.development.name}"
}

And the AWS instance is created in a module:

module "cis" {
  source = "../modules/cis_instance"
  ...
  iam_profile = "${module.aws_iam.profile}"
}
resource "aws_instance" "vm" {
  ami = "${var.ami_id}"
  ...
  iam_instance_profile = "${var.iam_profile}"
}

jen20 commented Dec 14, 2015

This seems like it may be related to #4235 and the eventual consistency of IAM. The discussion there suggests we wait for the instance profile to exist as part of instance creation, so it might be that we need additional logic there to check for roles having not been added yet.


catsby commented Dec 18, 2015

Hey @partamonov – I've seen this error myself, a handful of times last week, but not since. I've tried several times just this morning and everything has worked. Are you able to reliably reproduce it?

As @jen20 said, it's (very likely) an eventual consistency thing with IAM. #4235 is similar to something we'll go with in the near future, assuming the AWS SDK incorporates some needed hooks into the waiters they provide. Using the waiters as they are now can give the appearance that Terraform is hung, which is less than ideal.

I'm going to close this for now. Please let me know if this is something you can reliably reproduce, and maybe we'll reopen for another look.

Thanks!
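
An added example, not part of the original thread and not Terraform's own code: one way to handle the eventual-consistency failure discussed above is to retry only the specific `has no associated IAM Roles` error, with a bounded attempt count and a progress callback so the run does not appear hung. `launchFunc`, `launchWithRetry`, `fakeLaunch` and the instance id are hypothetical, and the launch call is simulated rather than made through the AWS SDK.

```go
package main
import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// sampleErr is the error text quoted in this issue (account id redacted there).
const sampleErr = `InvalidParameterValue: IAM Instance Profile "arn:aws:iam::xxxxx:instance-profile/development" has no associated IAM Roles`
// launchFunc stands in for the instance launch call (hypothetical signature).
type launchFunc func() (string, error)
// isIAMPropagationError matches only the eventual-consistency failure, so that
// genuine misconfigurations and permission errors are never retried.
func isIAMPropagationError(err error) bool {
	return strings.Contains(err.Error(), "InvalidParameterValue") && strings.Contains(err.Error(), "has no associated IAM Roles")
}

// launchWithRetry retries the propagation error up to maxAttempts times and
// calls progress before each wait. It returns the id and the attempts used.
func launchWithRetry(launch launchFunc, maxAttempts int, delay time.Duration, progress func(int, error)) (string, int, error) {
	for attempt := 1; ; attempt++ {
		id, err := launch()
		if err == nil {
			return id, attempt, nil
		}
		if !isIAMPropagationError(err) {
			return "", attempt, err // permanent error: fail fast
		}
		if attempt >= maxAttempts {
			return "", attempt, fmt.Errorf("gave up after %d attempts: %w", attempt, err)
		}
		progress(attempt, err)
		time.Sleep(delay)
	}
}

// fakeLaunch is a constructed stand-in: it fails `failures` times, then succeeds.
func fakeLaunch(failures int) launchFunc {
	return func() (string, error) {
		if failures > 0 {
			failures--
			return "", errors.New(sampleErr)
		}
		return "i-constructed0001", nil // constructed instance id
	}
}
func main() {
	report := func(n int, _ error) { fmt.Printf("attempt %d: IAM not propagated yet, retrying\n", n) }
	fmt.Println(launchWithRetry(fakeLaunch(2), 5, 10*time.Millisecond, report))
}
```

The bound on attempts matters: a profile that really has no role attached produces the same error text, so an unbounded retry would hide that misconfiguration.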
