launch_template error when using new iam_instance_profile

[mcaulifn]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

terraform version
Terraform v0.11.7

• provider.aws v1.27.0
• provider.null v1.0.0

Affected Resource(s)

aws_iam_instance_profile
aws_launch_template

Terraform Configuration Files

resource "aws_iam_instance_profile" "router_app_instance_profile" {
  name = "router_app_instance_profile"
  role = "${aws_iam_role.router_app_role.name}"
}

resource "aws_launch_template" "lt_router_app" {
  name_prefix   = "lt_router_app"
  image_id      = "${var.ami_id}"
  instance_type = "${var.instance_size}"
  key_name      = "${var.key_name}"
  vpc_security_group_ids = [
    "${aws_security_group.sg_tcp_22_segment.id}",
    "${aws_security_group.sg_tcp_830_internal.id}",
    "${aws_security_group.sg_udp_161_internal.id}",
    "${module.global.sg_app_default}",
  ]
  monitoring {
    enabled = true
  }
  ebs_optimized = false
  iam_instance_profile {
    name = "${aws_iam_instance_profile.router_app_instance_profile.name}"
  }
}

resource "aws_autoscaling_group" "asg_router_app_c" {
  name             = "${lookup(var.asg_names, "app_c")}"
  launch_template = {
    id      = "${aws_launch_template.lt_router_app.id}"
    version = "$$Latest"
  }
}

Expected Behavior

Launch template created with IAM instance profile attached

Actual Behavior

Launch template fails to create on first run. Resources created successfully on second run.

aws_autoscaling_group.asg_router_app_c: Error creating AutoScaling Group: ValidationError: You must use a valid fully-formed launch template. Value (router_app_instance_profile) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name
status code: 400, request id: d43ab76e-89d4-11e8-b720-278140b97e98

Steps to Reproduce

terraform apply (x2)

1. terraform apply

Important Factoids

References

• IAM instance profile not created fast enough to modify EC2 instance #838

[ophintor]

Had the same issue, the only workaround I found was to add a bit of delay after the creation of the launch template:

resource "aws_launch_template" "ecs_sf" {
...
  provisioner "local-exec" {
    command = "sleep 10"
  }
}

[StephenKing]

So it seems the retry handling added to the aws_launch_configuration should be added to aws_launch_template as well..

[bflad]

The fix here was actually in the aws_autoscaling_group resource as it was that API that was failing a validation check due to IAM eventual consistency. Bug fix submitted: #5633

[bflad]

The fix for this has been merged into master and will release with version 1.34.0 of the AWS provider, likely later today.

[StephenKing]

Thanks @bflad!

[bflad]

This has been released in version 1.34.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!