Invalid IAM Instance Profile

Hi,

I am new here, sorry if this topic is already created.

I am trying to create a role, policy, and EC2 instance profile from Terraform (the 2 .json files include access to EC2). Below is the .tf file; please advise where I am going wrong.

iamroles.tf

resource "aws_iam_role_policy" "ec2_policy" {
  name        = "ec2_policy"
  role        = "aws_iam_role.javahome_ec2_role.id"
  policy      = file("ec2-policy.json")
}
resource "aws_iam_role" "javahome_ec2_role" {
  name               = "javahome_ec2_role"
  assume_role_policy = file("ec2-assume-policy.json")
}
resource "aws_iam_instance_profile" "ec2_profile" {
  name  = "javahome_ec2_profile"
  role = "aws_iam_role.javahome_ec2_role.name"
}

ec2-machines.tf

provider "aws" {
  region = var.region
}
resource "aws_instance" "web" {
  ami             = var.ami[var.region]
  instance_type   = "t2.micro"
  iam_instance_profile = "aws_iam_instance_profile.ec2_profile.name"
  tags = {
    Name = "HelloWorld"
  }
}

variables.tf

variable "region" {
  default = "us-west-2"
}
variable "ami" {
  type = map
  default = {
    us-west-2 = "ami-0b1e2eeb33ce3d66f" # US West (Oregon)
  }
  description = "have only added one region"
}

Receiving the below 3 error messages while running terraform apply -

Error launching source instance: InvalidParameterValue: Value (aws_iam_instance_profile.ec2_profile.name) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name
        status code: 400, request id: 36f38b3b-b348-4a59-9d7b-970592af897a

  on ec2-machines.tf line 5, in resource "aws_instance" "web":
   5: resource "aws_instance" "web" {

Error putting IAM role policy ec2_policy: NoSuchEntity: The role with name aws_iam_role.javahome_ec2_role.id cannot be found.
        status code: 404, request id: 727c6477-0e7a-45cf-ae0b-232df92725eb

  on iamroles.tf line 1, in resource "aws_iam_role_policy" "ec2_policy":
   1: resource "aws_iam_role_policy" "ec2_policy" {

Error adding role aws_iam_role.javahome_ec2_role.name to IAM instance profile javahome_ec2_profile: Error adding IAM Role aws_iam_role.javahome_ec2_role.name to Instance Profile javahome_ec2_profile: NoSuchEntity: The role with name aws_iam_role.javahome_ec2_role.name cannot be found.
        status code: 404, request id: 02fe931e-a00b-4233-b20b-9045883ac1bc

  on iamroles.tf line 12, in resource "aws_iam_instance_profile" "ec2_profile":
  12: resource "aws_iam_instance_profile" "ec2_profile" {

Requesting someone to please help me on this.

1 Like

@onlydole sorry to tag you.

My question always gets ignored; could you please check and advise why no one is replying to my topic?

I tried to find the answer for the topic which I created but didn’t get any answer.

1 Like

Hello @ManjunathanRajan,

I’d be more than happy to help with this. Which version of Terraform are you using?

If you’re using a 0.12 version of Terraform, you should be able to define your files as follows (note the removal of the double quotes around any Terraform variables). Since that’s a valid string, it passes the plan phase, but 404s when it goes to look up those values. Removing the double quotes around those values should get you back in working order.

Let me know if this works for you!

iamroles.tf

resource "aws_iam_role_policy" "ec2_policy" {
  name        = "ec2_policy"
  role        = aws_iam_role.javahome_ec2_role.name
  policy      = file("ec2-policy.json")
}
resource "aws_iam_role" "javahome_ec2_role" {
  name               = "javahome_ec2_role"
  assume_role_policy = file("ec2-assume-policy.json")
}
resource "aws_iam_instance_profile" "ec2_profile" {
  name  = "javahome_ec2_profile"
  role = aws_iam_role.javahome_ec2_role.name
}

ec2-machines.tf

provider "aws" {
  region = var.region
}
resource "aws_instance" "web" {
  ami             = var.ami[var.region]
  instance_type   = "t2.micro"
  iam_instance_profile = aws_iam_instance_profile.ec2_profile.name
  tags = {
    Name = "HelloWorld"
  }
}

variables.tf

variable "region" {
  default = "us-west-2"
}
variable "ami" {
  type = map
  default = {
    us-west-2 = "ami-0b1e2eeb33ce3d66f" # US West (Oregon)
  }
  description = "have only added one region"
}

Sincerely,

Taylor Dolezal

1 Like
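An added example, not part of the thread or either poster's code: a small pre-apply check in Python that flags string literals spelling a resource address declared in the same configuration, which is the mistake resolved above. The function name, the regexes and the trimmed sample input are constructed for illustration; it is a line-based heuristic, not an HCL parser.

```python
import re

# `resource "TYPE" "NAME"` declarations.
RESOURCE_DECL = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"', re.M)
# `attr = "a.b[.c]"`: a string literal whose whole value looks like a traversal.
QUOTED_VALUE = re.compile(r'^\s*(\w+)\s*=\s*"([A-Za-z_][\w-]*(?:\.[\w*-]+)+)"\s*(?:#.*)?$')
REF_PREFIXES = {"var", "local", "module", "data"}  # always references when unquoted

def find_quoted_references(files):
    """Return (filename, line_no, attribute, value) for each quoted string that
    spells a declared resource address or a var/local/module/data traversal."""
    declared = {f"{t}.{n}" for text in files.values() for t, n in RESOURCE_DECL.findall(text)}
    findings = []
    for fname, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            m = QUOTED_VALUE.match(line)
            if not m:
                continue
            attr, value = m.groups()
            parts = value.split(".")
            if ".".join(parts[:2]) in declared or parts[0] in REF_PREFIXES:
                findings.append((fname, line_no, attr, value))
    return findings

# Constructed sample: the configuration from the question, trimmed to the relevant lines.
SAMPLE = {
    "iamroles.tf": '''resource "aws_iam_role_policy" "ec2_policy" {
  role   = "aws_iam_role.javahome_ec2_role.id"
  policy = file("ec2-policy.json")
}
resource "aws_iam_role" "javahome_ec2_role" {
  name = "javahome_ec2_role"
}
resource "aws_iam_instance_profile" "ec2_profile" {
  name = "javahome_ec2_profile"
  role = "aws_iam_role.javahome_ec2_role.name"
}
''',
    "ec2-machines.tf": '''resource "aws_instance" "web" {
  instance_type        = "t2.micro"
  iam_instance_profile = "aws_iam_instance_profile.ec2_profile.name"
}
''',
}

if __name__ == "__main__":
    for fname, line_no, attr, value in find_quoted_references(SAMPLE):
        print(f'{fname}:{line_no}: {attr} = "{value}" is a literal string, not a reference')
```

Dotted literals such as `"t2.micro"` are not reported because they do not match any declared resource address.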

Thank you very much @onlydole for the reply.

Will check and let you know :blush:

1 Like

@onlydole you are great, awesome, this made my day as testing is successful :clap: :clap: :+1: :+1:

Could you please help with this last question? I am using the .tf file below, but the output file is not displaying the public IP of the instance after terraform apply.

outputs.tf

output "public_ip" {
  description = "List of public IP addresses assigned to the instances, if applicable"
  value       = aws_instance.example.*.public_ip
}

Error Message -

The state file either has no outputs defined, or all the defined
outputs are empty. Please define an output in your configuration
with the `output` keyword and run `terraform refresh` for it to 
become available. If you are using interpolation, please verify 
the interpolated value is not empty. You can use the 
`terraform console` command to assist.
1 Like

Hello @ManjunathanRajan,

I’m happy I could help with the other items! If you change:

aws_instance.example.*.public_ip

to

aws_instance.web.*.public_ip

Does that work for you?

Sincerely,

Taylor Dolezal

1 Like

@onlydole it worked. Thanks again :pray: :+1: :+1: :clap: :clap:

1 Like

Yes!!! Glad to hear it, @ManjunathanRajan :smile:

I hope you have a fantastic day, and great rest of the week! Let us know if you have any other questions.

Sincerely,

Taylor Dolezal

1 Like