Invalid IAM Instance Profile name issue in ASG

I am new to Terraform. I saw one post with the same error and I tried that solution too, but it didn't work for me. I am trying to create an auto scaling group with a launch template. I am creating one role (a role for EC2 to access the ECS cluster) and then the launch template. When I launch the ASG, it gives me the error below:

Invalid launch template specified in Step 1: Value (arn:aws:iam::xxxx:instance-profile/ECSforEC2) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name

Below are my role.tf and lt.tf:

+++++++role.tf++++++++++

resource "aws_iam_role" "ecs_role" {
  name               = var.ECS_ROLE_FOR_EC2
  assume_role_policy = file("policy/assume_role_policy.json")
}

resource "aws_iam_policy" "ecs_policy" {
  policy = file("policy/policy.json")
}

resource "aws_iam_role_policy_attachment" "ecs_role_attach" {
  role       = aws_iam_role.ecs_role.name
  policy_arn = aws_iam_policy.ecs_policy.arn
}

resource "aws_iam_instance_profile" "role-instance-profile" {
  name = var.ECS_ROLE_FOR_EC2
  role = aws_iam_role.ecs_role.name
}

output "role" {
  value = aws_iam_role.ecs_role.arn
}

output "role_policy" {
  value = aws_iam_policy.ecs_policy.policy
}

output "instance_profile" {
  value = aws_iam_instance_profile.role-instance-profile.arn
}

++++++lt.tf++++++++

resource "aws_launch_template" "my-template" {
  name          = var.LT_NAME
  image_id      = var.LT_AMI
  instance_type = var.LT_INSTANCE_TYPE
  key_name      = "AWSKey"
  #vpc_security_group_ids = [aws_security_group.my-ecs-sg.id]
  iam_instance_profile {
    name = aws_iam_instance_profile.role-instance-profile.arn
  }
  block_device_mappings {
    device_name = var.LT_DEVICE_NAME
    ebs {
      volume_size           = var.LT_BLOCK_SIZE
      delete_on_termination = "true"
      volume_type           = var.LT_VOLUME_TYPE
      #iops = "1000"
    }
  }
  tag_specifications {
    resource_type = "instance"
    tags = {
      Name = "terraform-ec2"
    }
  }
  network_interfaces {
    associate_public_ip_address = "true"
    delete_on_termination       = "true"
    security_groups             = [aws_security_group.my-ecs-sg.id]
  }
}

output "lt_id" {
  value = aws_launch_template.my-template.id
}

Below is the output from both files:

Outputs:

instance_profile = "arn:aws:iam::xxxx:instance-profile/ECSforEC2"
lb = "my-elb-xxxxx.us-east-1.elb.amazonaws.com"
lt_id = "lt-03801294c4426b86c"
role = "arn:aws:iam::xxx:role/ECSforEC2"
role_policy = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeTags",
        "ecs:CreateCluster",
        "ecs:DeregisterContainerInstance",
        "ecs:DiscoverPollEndpoint",
        "ecs:Poll",
        "ecs:RegisterContainerInstance",
        "ecs:StartTelemetrySession",
        "ecs:UpdateContainerInstancesState",
        "ecs:Submit*",
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:BatchGetImage",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "*"
    }
  ]
}

EOT

Please advise.

Have you tried:

iam_instance_profile {
  arn = aws_iam_instance_profile.role-instance-profile.arn
}

or

iam_instance_profile {
  name = aws_iam_instance_profile.role-instance-profile.name
}

Thank you very much… it worked. It was a very silly mistake. I was mixing name and arn. Thank you for pointing it out.
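
A small static check for the name/ARN mix-up resolved in this thread, added here as an illustration and not code from any of the posters. The function name, the regexes and the constructed sample are assumptions, and the regex approach only handles `iam_instance_profile` blocks that contain no nested braces.

```python
import re

# An iam_instance_profile { ... } nested block (it contains no inner braces).
# Resource headers such as resource "aws_iam_instance_profile" "x" { do not
# match, because a quote follows the type name there.
BLOCK_RE = re.compile(r'iam_instance_profile\s*\{([^{}]*)\}')
ATTR_RE = re.compile(r'^\s*(name|arn)\s*=\s*(\S.*?)\s*$', re.MULTILINE)


def check_instance_profile_refs(hcl_text):
    """Return (line_number, message) tuples for name/arn mix-ups."""
    findings = []
    for block in BLOCK_RE.finditer(hcl_text):
        for attr in ATTR_RE.finditer(block.group(1)):
            key = attr.group(1)
            # Drop a trailing inline comment before inspecting the expression.
            expr = re.split(r'\s(?:#|//)', attr.group(2))[0].strip()
            pos = block.start(1) + attr.start(1)
            line_no = hcl_text.count("\n", 0, pos) + 1
            is_arn = expr.endswith(".arn") or expr.strip('"').startswith("arn:")
            if key == "name" and is_arn:
                findings.append((line_no, f"name is given an ARN: {expr}"))
            elif key == "arn" and expr.endswith(".name"):
                findings.append((line_no, f"arn is given a name: {expr}"))
    return findings


# Constructed sample reproducing the launch template from the question.
SAMPLE = '''resource "aws_launch_template" "my-template" {
  name = var.LT_NAME
  iam_instance_profile {
    name = aws_iam_instance_profile.role-instance-profile.arn
  }
}
'''

if __name__ == "__main__":
    for line_no, message in check_instance_profile_refs(SAMPLE):
        print(f"line {line_no}: {message}")
```

Run against the `.tf` files before `terraform apply`, this reports the mismatch locally instead of leaving it to surface as an error when the auto scaling group is launched.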