terraform-aws-imagebuilder-pipeline icon indicating copy to clipboard operation
terraform-aws-imagebuilder-pipeline copied to clipboard

Published 20 hours ago verified publisher icon rhythmictech

[BUG]The value supplied for parameter 'instanceProfileName' is not valid. The provided instance profile does not exist. Please specify a different instance profile and try again

Open condescendent opened this issue 2 years ago • 2 comments

Describe the bug I got the following error from the embedded cloudformation stack: "The value supplied for parameter 'instanceProfileName' is not valid. The provided instance profile does not exist. Please specify a different instance profile and try again".

The stack name is the same as the name I assigned to the module. I checked the role created from Terraform and found the role is there. Then I used the aws cli command to check if the instance profile has been created. From the output I can see the instance profile has been created. Please see below for verification:

I see the principle for this role is ""Service": "ec2.amazonaws.com"", it looks like the cloudformation service is not listed in the principle, this may cause the cloudformation cannot find this role or instance profile. (correct me if i am wrong)

{
           "Path": "/",
           "InstanceProfileName": "jason-pipeline-imagebuilder-instance-profile-20220922071727921200000002",
           "InstanceProfileId": "AIPAWF2ABWU5GN24MBMYM",
           "Arn": "arn:aws:iam::xxxxxxxxxxx:instance-profile/jason-pipeline-imagebuilder-instance-profile-20220922071727921200000002",
           "CreateDate": "2022-09-22T07:17:27+00:00",
           "Roles": [
               {
                   "Path": "/",
                   "RoleName": "jason-pipeline-imagebuilder-role-20220922071727266500000001",
                   "RoleId": "AROAWF2ABWU5FOMOKJO32",
                   "Arn": "arn:aws:iam::xxxxxxxx:role/jason-pipeline-imagebuilder-role-20220922071727266500000001",
                   "CreateDate": "2022-09-22T07:17:27+00:00",
                   "AssumeRolePolicyDocument": {
                       "Version": "2012-10-17",
                       "Statement": [
                           {
                               "Sid": "",
                               "Effect": "Allow",


                               "Principal": {
                                   "Service": "ec2.amazonaws.com"
                               },


                               "Action": "sts:AssumeRole"
                           }
                       ]
                   }
               }
           ]
       },

To Reproduce Steps to reproduce the behavior: Easy to reproduce by using the code below:

module "imagebuilder-pipeline" {
  source  = "rhythmictech/imagebuilder-pipeline/aws"
  version = "0.5.2"

  # insert the 2 required variables here
  description = "Jason Testing pipeline"
  name        = "jason-pipeline"
 # tags        = local.tags
   tags = {
    created_on = "09212022"
  }
  recipe_arn  = module.test_recipe.recipe_arn
  public      = false

}

Expected behavior all the stack finishes successfully and the image build pipeline created successfully.

Screenshots see attachment

Desktop (please complete the following information): using Terraform newest version

condescendent avatar Sep 22 '22 08:09 condescendent

cannot upload copy screen, don't know how to do it.

condescendent avatar Sep 22 '22 08:09 condescendent

Instance profiles are basically roles that get assigned to EC2s, so the assume role having ec2.amazonaws.com is correct.

This is confusing, though, everything looks right. Could you try running it again? Maybe IAM just needs a moment to let the instance profile propagate through the system so CloudFormation can find it.

sblack4 avatar Sep 23 '22 15:09 sblack4