-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IAM instance profile attachment race condition #9474
Comments
We are also running into this issue. Is this a problem with the timeout being too short? |
present in 0.7.11
30 sec didn't do it for me |
@brainrape what is the correct syntax? does that look right?
|
👍 |
fixes hashicorp#9474 discussion of approach in hashicorp#11634
This should be addressed in the next release with #11678 , where we use AWS waiters to ensure the IAM Profile exists before moving on. |
fixes hashicorp#9474 discussion of approach in hashicorp#11634
I still see this on Terraform v0.9.9 |
Same here, though I'm on v10.0.0. |
Probably duplicate of hashicorp/terraform-provider-aws#838 |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
It looks like there's yet another eventual consistency issue with IAM roles being created and the API returning before the role is fully created leading to errors being thrown by the AWS API when an instance attempts to use it.
#7324 and #7938 each fixed one set of issues we were seeing when creating the IAM role and profile in the same folder as the instance that used it.
We're now seeing the following error:
which follows these creating/creation complete logs:
It looks like we need to be catching and retrying on
"InvalidParameterValue", "Invalid IAM Instance Profile name"
as well as"InvalidParameterValue", "Invalid IAM Instance Profile"
and"InvalidParameterValue", " has no associated IAM Roles"
.Terraform Version
Currently running Terraform v0.7.1 but I can't see anything in the changelog or the code to suggest this has been fixed since.
Affected Resource(s)
Please list the resources as a list, for example:
Expected Behavior
Instances should have been created with correct IAM instance profile and not error.
Actual Behavior
Instances that were created first failed although they were launched with an IAM instance profile (but due to the error then not tagged and not added to state file). A second run then successfully created these "missing" instances.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
References
Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:
#2660
#4709
EDIT: Just spotted that this exact error was thrown for the OP on this closed issue: #1885
The text was updated successfully, but these errors were encountered: