IAM intstance profile issue
429 views
Skip to first unread message
Bubunia Patra
Mar 8, 2018, 11:21:07 AM3/8/18
to Terraform
Hi all,
I am struggling to find out the reason why the terraform(Terraform v0.9.11) complains and fails with the following reason when after running "terraform destroy" and "terraform apply" again. The IAM roles that are recreated dont get cleaned up and raises a error message as below. Is it fixed in latest version of terraform or needs to be removed manually using AWS CLI?
Error creating IAM instance profile test-iam-instance-profile-ec2-test: EntityAlreadyExists: Instance Profile test-iam-instance-profile-ec2-test already exists.
Regards
Pradeep
⁞ Fernando Miguel
Mar 8, 2018, 11:23:46 AM3/8/18
to terrafo...@googlegroups.com
You probably created a previous ec2 instance profile and never deleted it, and are trying to reuse the name.
Delete it manually via aws cli and it will work again
--
Fernando Miguel
Fernando Miguel
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/849b3b06-7104-4aaa-b9c0-8b8457112a18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Bubunia Patra
Mar 8, 2018, 11:45:23 AM3/8/18
to Terraform
Actually the problem is there terraform destroy should clean up the instance provided created by terraform. But it doesnt .
Not sure the latest version exists or not.
Not sure the latest version exists or not.
On Friday, March 9, 2018 at 12:23:46 AM UTC+8, Fernando wrote:
You probably created a previous ec2 instance profile and never deleted it, and are trying to reuse the name.Delete it manually via aws cli and it will work again--
Fernando Miguel
On 8 Mar 2018 16:21, "Bubunia Patra" <bubunia...@gmail.com> wrote:
Hi all,--I am struggling to find out the reason why the terraform(Terraform v0.9.11) complains and fails with the following reason when after running "terraform destroy" and "terraform apply" again. The IAM roles that are recreated dont get cleaned up and raises a error message as below. Is it fixed in latest version of terraform or needs to be removed manually using AWS CLI?Error creating IAM instance profile test-iam-instance-profile-ec2-test: EntityAlreadyExists: Instance Profile test-iam-instance-profile-ec2-test already exists.RegardsPradeep
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
⁞ Fernando Miguel
Mar 8, 2018, 11:57:30 AM3/8/18
to terrafo...@googlegroups.com
i cant say i ever had that problem with any aws provider 0.10 or 0.11
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/cd05b7bb-130a-4f04-aa26-3de759083767%40googlegroups.com.
Clint Shryock
Mar 8, 2018, 12:05:21 PM3/8/18
to terrafo...@googlegroups.com
Hello!
>Actually the problem is there terraform destroy should clean up the instance provided created by terraform. But it doesnt .
Can you verify the cleanup for us? If you could, please provide the `terraform destroy` output (omitting any secrets!) and then verify in the web console that the profile is in fact destroyed. IAM is notorious for eventual consistency issues. If you're destroying and then re-creating fairly quickly, then this could be the case and we can add some retry code to the create method and / or verification to the delete method.
Thanks!
Clint
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/CAM7yfUBPJXb5a37jAU_uPXCB0gmYyboQYqgTAr7BevRCUN7dMw%40mail.gmail.com.
André R. Agostinho
May 12, 2019, 5:34:19 PM5/12/19
to Terraform
I had the same problem.
Even investigating on AWS and manually removing IAM Roles the problem continue happening.
I my case I created many EC2s before using the same IAM Role in .tf files, like Fernando said here.
I solved the problem omitting Name attribute for IAM Role, IAM Policy and IAM Profile. When you ommit the attribute Name Terraform will gen a random name for it.
resource "aws_iam_role_policy" "terraformIamPolicy" {
role = "${aws_iam_role.terraformIamRole.id}"
policy = "${file("policies/iamrolepolicy.json")}"
}
resource "aws_iam_role" "terraformIamRole" {
assume_role_policy = "${file("policies/assumerolepolicy.json")}"
tags = {
Name = "terraformIamRole"
}
}
resource "aws_iam_instance_profile" "terraformProfile" {
role = "${aws_iam_role.terraformIamRole.name}"
}
resource "aws_instance" "helloTerraForm" {
instance_type = "t2.large"
ami = "ami-0401b579fa08f00fb"
count = 1
iam_instance_profile = "${aws_iam_instance_profile.terraformProfile.name}"
}
The result will be something like that "terraform-10190512212708041200000001"
Chamila de Alwis
May 12, 2019, 5:54:45 PM5/12/19
to terrafo...@googlegroups.com
Confirming that I've also consistently being seeing this behavior with multiple Terraform versions. As far as I could find out, this behavior was because of [1]. My solution was somewhat similar to Andre's where I suffixed the IAM profile name with a random string.
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/e7cabe59-010e-44ed-bd53-273922c3512b%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages