-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IAM instance profile not created fast enough to modify EC2 instance #838
Comments
This is still an issue; thankfully was able to just re-run |
A similar problem was fixed for instance create in hashicorp/terraform#2037. They really just need something similar to that solution, but for updating instances, somewhere in here. |
I'm suffering from this as well. I don't know why but it looks like it started happening more often than it used to. |
+1 |
Workaround: name = "example"
role = "${aws_iam_role.example_role.name}"
provisioner "local-exec" {
command = "sleep 40" # wait for instance profile to appear due to https://github.com/terraform-providers/terraform-provider-aws/issues/838
}
} |
Leaving it here in case if it works for someone else too
|
Does anybody else successfully use this trick?
|
I even try it further by using depends_on + data source + null resource + printing all computed data.
|
Launch Configurations were having the same issue: hashicorp/terraform#5862 |
Official documentation about it: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency |
Don't want to sound like a broken record as this has been pointed out in others threads, but 40s sleep time seems quite random, as AWS says there is a built in 2min delay. |
So far the only thing I've found to resolve this issue recently was to add a sleep as pointed out in this bug.. Adding a sleep of about 10-15 seconds resolves the issue. |
Hi folks! Sorry you have been having trouble with this. Usually these issues stem from the nature that many AWS services (especially IAM) are eventually consistent as noted above. We should be able to improve the provider code here to automatically retry up to two minutes here instead of just returning the error immediately. Briefly looking at the |
This fix with an associated failing acceptance test has landed in master and will be released in v1.7.1 (most likely shipping tomorrow). Cheers! 🎉 |
This has been released in terraform-provider-aws version 1.7.1. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm using the latest Terraform AWS provider (1.17.0) and I'm still getting this issue. Unfortunately, I'm using name-prefixes so my IAM Role has a dynamically generated name, which means I'm re-creating a different IAM Role name each time. I happen to be connecting from Phoenix, AZ to the I actually see my Launch Configuration wait for 2 minutes before throwing the error. Here's the exact error message. * module.kafka.module.kafka_brokers.module.kafka_brokers.aws_launch_configuration.server_group: 1 error(s) occurred:
* aws_launch_configuration.server_group: Error creating launch configuration: ValidationError: Invalid IamInstanceProfile: server-group-20180504030238066800000001
status code: 400, request id: 5e02b577-xxxx-xxxx-xxxxx-xxxxxxxxxxxx |
I can confirm this problem with AWS provider version 1.14.1, trying to create launch configurations and instances. I'm in Munich and using eu-central-1, i.e. Frankfurt, so even with low latency this problem can come up. |
Just to give an update, we run automated tests on a module that threw this error. Those automated tests repeatedly passed, and then, while I was getting this error, they failed with the error in question. Now they pass again. So while this may well be an AWS provider issue, it seems to be triggered by some kind of transient AWS issue. |
I would suggest opening a new issue with all the template details so we can further troubleshoot rather than commenting on a closed issue. The |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
This issue was originally opened by @b-dean as hashicorp/terraform#15199. It was migrated here as part of the provider split. The original body of the issue is below.
When creating an IAM instance profile and modifying an EC2 instance to use it, I get the error:
Invalid IAM Instance Profile name
This seems to be the same sort of thing that was reported in hashicorp/terraform#1885 and fixed by hashicorp/terraform#2037. The difference being this is when an EC2 instance is modified, not when it is created.
Terraform Version
0.9.8
Affected Resource(s)
Terraform Configuration Files
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
to create the EC2 instanceaws_iam_role.foo
,aws_iam_instance_profile.foo
, and theiam_instance_profile
argument on theaws_instance.foo
resourceterraform apply
to create the EC2 instanceExpected Behavior
The
aws_iam_role
andaws_iam_instance_profile
should be created and theaws_instance
modified to use the instance profile.Actual Behavior
The
aws_iam_role
andaws_iam_instance_profile
are created fine, but when theaws_instance
is being modified the following error occurs:References
The text was updated successfully, but these errors were encountered: